China's Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers
Feb 13, 2025 12:00 AM Despite high-profile attention and even US sanctions, the group hasn't stopped or even slowed its operation, including the breach of two more US telecoms. A server room at the Cisco Systems Poland headquarters in Krakow, Poland. Photograph:When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government. Yet even after those hackers' high-profile exposure, they've continued their spree of breaking into telecom networks worldwide, including more in the US.
Researchers at cybersecurity firm Recorded Future on Wednesday night revealed in a report that they've seen Salt Typhoon breach five telecoms and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include one US internet service provider and telecom firm and another US-based subsidiary of a UK telecom, according to the company's analysts, though they declined to name those victims to WIRED.
'They're super active, and they continue to be super active,' says Levi Gundert, who leads Recorded Future's research team known as Insikt Group. 'I think there's just a general under-appreciation for how aggressive they are being in turning telecommunications networks into Swiss cheese.'
To carry out this latest campaign of intrusions, Salt Typhoon—which Recorded Future tracks under its own name, RedMike, rather than the Typhoon handle created by Microsoft—has targeted the internet-exposed web interfaces of Cisco's IOS software, which runs on the networking giant's routers and switches. The hackers exploited two different vulnerabilities in those devices' code, one of which grants initial access, and another that provides root privileges, giving the hackers full control of an often powerful piece of equipment with access to a victim's network.
'Any time you're embedded in communication networks on infrastructure like routers, you have the keys to the kingdom in what you're able to access and observe and exfiltrate,' Gundert says.
Recorded Future found more than 12,000 Cisco devices whose web interfaces were exposed online, and says that the hackers targeted more than a thousand of those devices installed in networks worldwide. Of those, they appear to have focused on a smaller subset of telecoms and university networks whose Cisco devices they successfully exploited. For those selected targets, Salt Typhoon configured the hacked Cisco devices to connect to the hackers' own command-and-control servers via generic routing encapsulation, or GRE tunnels—a protocol used to set up private communications channels—then used those connections to maintain their access and steal data.
When WIRED reached out to Cisco for comment, the company pointed to a security advisory it published about vulnerabilities in the web interface of its IOS software in 2023. 'We continue to strongly urge customers to follow recommendations outlined in the advisory and upgrade to the available fixed software release,' a spokesperson wrote in a statement.
Hacking network appliances as entry points to target victims—often by exploiting known vulnerabilities that device owners have failed to patch—has become standard operating procedure for Salt Typhoon and other Chinese hacking groups. That's in part because those network devices lack many of the security controls and monitoring software that's been extended to more traditional computing devices like servers and PCs. Recorded Future notes in its report that sophisticated Chinese espionage teams have targeted those vulnerable network appliances as a primary intrusion technique for at least five years.
That Salt Typhoon continues to carry out business as usual is nonetheless notable, Recorded Future's analysts say. The group's activities have been exposed in the media, in government reports and announcements issued by the FCC, CISA, and the White House, even in sanctions issued by the US Treasury. But that hasn't caused the hackers to change course. On January 17, Treasury sanctioned Sichuan Juxinhe Network Technology, a cybersecurity firm allegedly linked to Salt Typhoon's operations. And yet, Gundert says, Recorded Future hasn't seen any cessation or slowdown of the hackers' activities even since that date.
'That's the disappointing part about this,' says Gundert. 'Even with all the attention, we haven't observed any real change in the volume or velocity of attacks, even in the same target demographic of telecommunications.'
After Salt Typhoon's hacking campaign targeting US telecom networks came to light last fall, then FBI director Christopher Wray described the phone company breaches as China's 'most significant cyber-espionage campaign in history.' The intrusions, which in some cases exploited the wiretap mechanisms built into telecoms for law enforcement use, prompted CISA and FBI officials to go so far as to recommend that Americans use end-to-end encrypted communication apps like Signal and WhatsApp to avoid leaving their texts and calls vulnerable to China's real-time spying.
In this latest rash of intrusions, Recorded Future says it's seen the Chinese hackers break into not only the US internet service provider and telecommunications firm and a US affiliate of a UK telecom, but also telecoms in South Africa and Thailand and an internet service provider in Italy, though it declined to name any of those victims. It's also seen the group target a broader range of universities around the world for apparent espionage, including in Argentina, Bangladesh, Indonesia, Malaysia, Mexico, Netherland, Thailand, Vietnam, and the US—including the University of California, California State, Utah Tech, and Loyola University.
Recorded Future says it was able to gain visibility into those intrusions by identifying command-and-control infrastructure used by Salt Typhoon, though it didn't further explain its methodology. The company's analysts note that there may well be other parts of the group's hacking campaign—and other victims—that it hasn't discovered.
'They've only gotten more bold,' says Jon Condra, another Recorded Future analyst. 'I strongly suspect it's much larger than what we've seen.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNBC
14 minutes ago
- CNBC
Taiwan blacklists China's Huawei and SMIC, further aligning with U.S. trade policy
Taiwan has added China's Huawei and SMIC to its trade blacklist in a move that further aligns it with U.S. trade policy and comes amid growing tensions with Beijing. The International Trade Administration of Taiwan added Huawei and SMIC to its "Strategic High-Tech Commodities Entity List," including a host of their subsidiaries. Taiwan's current regulations require licenses from regulators before domestic firms can ship products to parties named on the entity list. Huawei and SMIC, two of China's leading semiconductor companies, are also on a trade blacklist in the United States and have been impacted by Washington's sweeping controls on advanced chips. Companies such as contract chipmaker Taiwan Semiconductor Manufacturing Co already follow U.S. export restrictions. However, the addition of Huawei and SMIC to the Taiwan blacklist is likely aimed at the reinforcement of this policy and a tightening of existing loopholes, Ray Wang, an independent semiconductor and tech analyst, told CNBC. He added that the new domestic export controls could also raise the punishment for any potential breaches in the future. TSMC had been embroiled in controversy in October last year when semiconductor research firm TechInsights found a TSMC-made chip in a Huawei AI training card. Following the discovery, the U.S. Commerce Department ordered TSMC to halt Chinese clients' access to chips used for AI services, according to a report from Reuters. TSMC could also reportedly face a $1 billion as penalty to settle a U.S. investigation into the matter. Huawei has been working to create viable alternatives to Nvidia's general processing units used for AI. However, experts say the company's advancement has been limited by export controls and a lack of scale and advancement in the domestic chip ecosystem. Still, Huawei had been able to acquire several million GPU dies from TSMC for its Ascend chip design by using previous loopholes before they were discovered, according to Paul Triolo, partner and senior vice president for China at advisory firm DGA-Albright Stonebridge Group. A die refers to a small piece of silicon material that serves as the foundation for building processors and contains the intricate circuitry and components necessary to perform computations. The Taiwanese government's crackdown on exports to SMIC and Huawei also comes amid tense geopolitical tensions with Mainland China, which regards the democratically governed island as its own territory to be reunited by force, if necessary. In April, the U.S. reaffirmed its commitment to support the existing status quo as China conducted large-scale military exercises off the coast of the island. In statements reported by state media on Sunday, China's top political adviser Wang Huning echoed Beijing's position, calling for the promotion of national reunification with Taiwan and for resolute opposition to Taiwan independence.
Yahoo
3 hours ago
- Yahoo
TikTok Says In-Stream Shopping Has Increased 120% This Year
This story was originally published on Social Media Today. To receive daily news and insights, subscribe to our free daily Social Media Today newsletter. TikTok has shared some new stats on in-stream shopping engagement in the app, which it says has seen a big rise over the past year. According to TikTok, Americans, in particular, are warming to its TikTok Shop offerings, as it continues to promote its in-app buying options to its billion-plus users. As per TikTok: 'Over the past year, our community of sellers has expanded into more than 750 categories, bringing shoppers an incredible selection of over 70 million products. So far in 2025, our growing community of shoppers, sellers, and creators has driven impressive momentum across the TikTok Shop platform. In the U.S., TikTok Shop sales have increased 120% compared to the same period last year.' TikTok says that womenswear, beauty & personal care, health, sports & outdoors, and electronics are the top sales categories in the app, with TikTok shopping now available in even more regions. 'Today, millions of people are discovering products they love on TikTok through shoppable videos and livestreams from sellers and creators who demonstrate how the products actually work and answer all your questions in real time. In fact, according to a new research by GlobalData and TikTok Shop, 83% of all shoppers say they have discovered a new product on TikTok Shop, and 70% have discovered a new brand.' Those are some impressive numbers, while TikTok also claims that: Brands and creators have hosted over 8 million hours of LIVE shopping sessions in the U.S. 171,000 local and small businesses are now operating TikTok Shops 76% of consumers who've engaged with TikTok Shop bought something from a livestream in the past year. Sales to small U.S. businesses in the app have grown by 70% year-over-year So, livestreams are generating more interest in TikTok shopping, which is also where TikTok has seen significant in-stream sales success in China as well. In order to further fuel this growth, TikTok says that it's adding a new set of 'assortment, content and empowerment tools' in its Seller Center, which are designed to provide tailored, actionable guidance to help sellers attract the right audience. It's also gearing up with new offers for summer's 'Deals for You Days' July 7 – 19), including a 'LIVE Price Match Guaranteed' program, which will enable customers watching select 'Deals for You Days' livestreams to get cash back if they find a lower price off-platform on featured products. Which all sounds positive, all sounds like TikTok's shopping push is headed in the right direction. But even so, the platform is still a long way off from where it envisioned that it would be at this stage. As noted, TikTok's been pushing to get Western audiences excited about in-stream shopping for years, but thus far, TikTok users have been less enamored by the platform's expanded digital shopping mall vision, preferring instead to keep their shopping activities within dedicated shopping apps. In China, however, it's been a much different story. Shopping is now the top revenue stream for Douyin, the Chinese version of the app, with Douyin bringing in $US490 billion in gross merchandise value (GMV) in 2024 alone. Indeed, Douyin is now the third-largest ecommerce platform in China. In comparison, TikTok generated around $US6 billion via in-app spending throughout 2024. Yet even so, that smaller intake is still up 15% year-over-year, so TikTok shopping is catching on, while as TikTok notes, overall shopping engagement in the app is trending up, in various ways. The next step, then, could see TikTok leaning into services, like meal ordering and ride-hailing, direct from the app. Douyin has seen big success with these options, which has helped to get even more money moving through the app's circuits. If more people feel more comfortable spending in the app, that'll lead to more shopping activity, which could help to spark TikTok's in-stream shopping push, as it builds towards its broader revenue goals. Though the signals do remain mixed. TikTok's future in the U.S. is still under a cloud, as the White House works on a sell-off deal, while TikTok also recently restructured its entire U.S. commerce team, after it failed to meet its 2024 targets. So while the data that TikTok's reporting suggests that things are all going well, that everything's all rosy for TikTok's in-app sales push, clearly, they're not exactly where it wants them to be just yet. Can TikTok translate its broader success into becoming an online sales juggernaut in the West? And more specifically, is it worth trying out TikTok Shop for your brand? It is worth noting the broader push here, and considering what's resonating with the TikTok audience.
Business Wire
5 hours ago
- Business Wire
Faraday Future Announces Global Music Legend and Best-Selling Female Artist Mariah Carey will Become the Next FF 91 2.0 Owner
LOS ANGELES--(BUSINESS WIRE)--Faraday Future Intelligent Electric Inc. (NASDAQ: FFAI) ('Faraday Future', 'FF' or 'Company'), a California-based global shared intelligent electric mobility ecosystem company, today announced that award-winning, best-selling female artist of all time and global top music legend Mariah Carey will become the next FF 91 2.0 Futurist Alliance owner. Mariah Carey will take delivery of her FF 91 2.0 soon and just released her new official music video Type Dangerous featuring the FF 91 and FFZERO1 concept car; stay tuned for more updates. The synergy between FF's spire (Ultimate AI Luxury) brand positioning and iconic users continues to grow. This marks the formation of a high-recognition, high-loyalty brand influence loop, and signals that FF has officially entered a new phase of global cultural co-creation. Mariah Carey's addition to the FF celebrity owner family — which already includes numerous high-profile figures — marks yet another superstar and cultural icon member. Moreover, this reinforces FF's growing influence of celebrities, athletes and music icons which reinforce FF's brand power and the extreme product power of the FF 91 2.0 EV. It's not just a luxury vehicle; it's a symbol of futurism, cutting-edge technology, and AI innovation. 'I want to congratulate Mariah Carey on her newly released single and music video release and for becoming the newest owner of the FF 91 2.0,' said YT Jia, FF founder and Global Co-CEO of Faraday Future. 'The FF 91 2.0 represents the pinnacle of Ultimate AI TechLuxury. Having an iconic owner like Mariah Carey reaffirms FF's position in the global EV landscape.' ABOUT FARADAY FUTURE Faraday Future is a California-based global shared intelligent electric mobility ecosystem company. Founded in 2014, the Company's mission is to disrupt the automotive industry by creating a user-centric, technology-first, and smart driving experience. Faraday Future's flagship model, the FF 91, exemplifies its vision for luxury, innovation, and performance. The FX strategy aims to introduce mass production models equipped with state-of-the-art luxury technology similar to the FF 91, targeting a broader market with middle-to-low price range offerings. FF is committed to redefining mobility through AI innovation. Join us in shaping the future of intelligent transportation. For more information, please visit ABOUT MARIAH CAREY Mariah Carey is the best-selling female artist of all time with more than 200 million albums sold to date and 19 Billboard Hot 100 #1 singles (18 self-penned), more than any solo artist in history. Carey - an inductee to the Songwriters Hall of Fame - is a singer, songwriter & producer recognized with multiple Grammy Awards, numerous American Music Awards, three Guinness World Record titles, Billboard's 'Artist of the Decade' Award, Billboard's 'Icon Award,' the World Music Award for 'World's Best Selling Female Artist of the Millennium,' the Ivor Novello Award for 'PRS for Music Special International Award,' and BMI's 'Icon Award' for her outstanding achievements in songwriting, to name a few—with her distinct five-octave vocal range, prolific songwriting, and producing talent, Carey is truly the template of the modern pop performance. Carey's ongoing impact has transcended the music industry to leave an indelible imprint upon the world at large. In 2009, Carey was recognized with the Breakthrough Performance Award at the Palm Spring International Film Festival for her critically acclaimed role in Lee Daniels' 'Precious.' Carey went on to appear in Daniels' ensemble piece 'The Butler' (2013). A Congressional Award recipient, Carey has generously donated her time and energy to a range of philanthropic causes near to her heart including Save the Music, the Make-A-Wish Foundation, World Hunger Relief, and the Elton John AIDS Foundation, among many others. A tremendous supporter of children's charities, both domestic and international, Carey founded Camp Mariah in partnership with the Fresh Air Fund, a retreat for inner city children to explore career development. FORWARD LOOKING STATEMENTS This press release includes 'forward looking statements' within the meaning of the safe harbor provisions of the United States Private Securities Litigation Reform Act of 1995. When used in this press release, the words 'estimates,' 'projected,' 'expects,' 'anticipates,' 'forecasts,' 'plans,' 'intends,' 'believes,' 'seeks,' 'may,' 'will,' 'should,' 'future,' 'propose' and variations of these words or similar expressions (or the negative versions of such words or expressions) are intended to identify forward-looking statements. These forward-looking statements, which include statements regarding the future FF 91 2.0 ownership and collaboration with Mariah Carey, are not guarantees of future performance, conditions or results, and involve a number of known and unknown risks, uncertainties, assumptions and other important factors, many of which are outside the Company's control, that could cause actual results or outcomes to differ materially from those discussed in the forward-looking statements. Important factors, among others, that may affect actual results or outcomes include, among others, that Mariah Carey may choose to not accept the FF 91. You should carefully consider the foregoing factors and the other risks and uncertainties described in the 'Risk Factors' section of the Company's Form 10-K filed with the SEC on March 31, 2025, and other documents filed by the Company from time to time with the SEC.
