Surrounds of salt in China are still penetrating contacts – now by exploiting CISCO guidance

When the group of Chinese infiltrators known as Salt Typhoon was revealed last fall The main American telecommunications companies in depth-Righting at least nine of the phone holders and reaching the texts of Americans and calls in real time-that the piracy campaign was treated as a fire by the United States government. However, even after these prominent infiltrators were exposed, they continued to storm communication networks around the world, including more in the United States.

Researchers at the Cyber ​​Security Company in the future revealed on Wednesday night in a report that they saw the five hurricanes of telecommunications and Internet services provided all over the world, in addition to more than ten universities from Utah to Vietnam, all between December and January. Communications include an American Internet service provider, an Etisalat company and another US -based US Telecommunications Company, according to the company’s analysts, although they refused to name these victims on the wire.

“They are very active, and they are still very active,” says Levy Gonda, who leads the Future Research Team known as Insikt Group. “I think there is just a general spread of their aggression in converting communication networks into Swiss cheese.”

To implement this last campaign of breakthroughs, it targeted Salt Typhoon-who recorded future tracks under its name, Redmike, instead of the Typhoon handle created by Microsoft-web fronts exposed to IOS for CISCO programs, which work on networks and giant routers and keys. The infiltrators took advantage of the different weaknesses in the symbol of these devices, one of which gives initial access, and the other provides root privileges, giving the infiltrators full control over a strong piece of equipment often with access to the victim’s network.

“At any time you are integrated into the infrastructure networks like routers, you have keys to the Kingdom where you can access, monitor and die,” says Gundert.

The registered Future found more than 12000 CISCO devices that have been exposed to the Internet online interfaces, and says that the infiltrators targeted more than a thousand of those devices installed in networks all over the world. Among them, they seem to have focused on a smaller sub -group of communications and university networks successfully exploited by Cisco devices. For those specified targets, Salt Typhoon has created the hacker Cisco devices to connect to the orders and control servers of the infiltrators by public orientation packaging, or GR-tunnels, which is a protocol used to prepare special communication channels-and then it uses these connections to maintain their arrival and steal data.

When WIRED arrived at CISCO for comment, the company referred to A. Security consultations It was published about the weaknesses of its IOS website in 2023.

The network penetration devices as entry points for the targeted victims – by exploiting the known weaknesses whose owners failed to correct – has become a record operation of other Chinese piracy groups. This is partly because these network devices lack many safety controls and monitoring programs that are extended to traditional computing devices such as servers and computers. Future notes registered in its report that the advanced Chinese spying teams targeted these weak network devices as a preliminary storming method for at least five years.