June 23, 2025 By Bill Toulas

The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February.
During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges.
The flaw was first disclosed in October 2023, when it was reported that threat actors had exploited it as a zero-day to hack over 10,000 devices.
Despite a significant period having passed, at least one major telecommunications provider in Canada still hadn't patched, giving Salt Typhoon an easy way to compromise devices.
"Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025," reads the bulletin.
"The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network."
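For defenders, the two changes described above (attacker-created admin accounts and a GRE tunnel added to a device's configuration) can both be checked by comparing a device's running configuration against an approved baseline. The following is an added example, not code from the bulletin or the article; the sample configuration, account names, addresses and baseline sets are constructed, and it assumes a tunnel interface with no `tunnel mode` line is GRE.

```python
import re

# Constructed sample running-config (not from the bulletin); all names and addresses are placeholders.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$constructed
username svc_tmp privilege 15 secret 9 $9$constructed
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel10
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.20
!
interface Tunnel99
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
end
"""

def parse_config(text):
    """Return (privilege-15 usernames, {tunnel name: settings}) from IOS-style config text."""
    admins, tunnels, current = set(), {}, None
    for line in text.splitlines():
        m = re.match(r"username (\S+) privilege 15\b", line)
        if m:
            admins.add(m.group(1))
        if not line.startswith(" "):  # any top-level line closes the current interface block
            m = re.match(r"interface (Tunnel\d+)\s*$", line)
            # Assumption: a tunnel without an explicit "tunnel mode" line is treated as GRE.
            current = tunnels.setdefault(m.group(1), {"mode": "gre ip"}) if m else None
        elif current is not None:
            m = re.match(r"\s+tunnel (source|destination|mode) (.+?)\s*$", line)
            if m:
                current[m.group(1)] = m.group(2)
    return admins, tunnels

def audit(text, known_admins, known_tunnel_dests):
    """List admin accounts and GRE tunnel endpoints that are absent from the approved baseline."""
    admins, tunnels = parse_config(text)
    findings = [f"unexpected privilege-15 account: {u}" for u in sorted(admins - known_admins)]
    for name, t in sorted(tunnels.items()):
        dest = t.get("destination")
        if t["mode"].startswith("gre") and dest not in known_tunnel_dests:
            findings.append(f"unexpected GRE tunnel {name} -> {dest}")
    return findings
```

Calling `audit(SAMPLE_CONFIG, {"netops"}, {"198.51.100.20"})` reports the account and the tunnel that are not in the baseline.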