Cisco has disclosed that the Chinese cyber threat actor Salt Typhoon gained access to major U.S. telecommunications firms by exploiting the CVE-2018-0171 vulnerability and using stolen login credentials. Cisco Talos highlighted the sophisticated nature of the group, which managed to maintain persistent access to compromised environments for extended periods, indicating the advanced planning and coordination typical of state-sponsored threats. Though the hackers attempted to exploit other vulnerabilities, Cisco found no evidence that those attempts succeeded, which suggests a focused approach built on specific known flaws and credential theft.
Another noteworthy behavior exhibited by Salt Typhoon entails leveraging living-off-the-land (LOTL) techniques on network devices, abusing the trusted infrastructure as pivot points to jump from one telecom to another.
The long timeline of this campaign suggests a high degree of coordination, planning, and patience - standard hallmarks of advanced persistent threat (APT) and state-sponsored actors.