Credit: The original article is published here.
- Canadian telecom firms have been hit with a cyberattack
- Chinese threat actor Salt Typhoon is suspected to be behind the attacks
- Hackers exploited an existing Cisco flaw to gain access
The Canadian Centre for Cyber Security, alongside the FBI, have confirmed hackers were able to gain access to three network devices registered to a Canadian Telecommunications company.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon,” The Canadian Centre for Cybersecurity said in a statement.
This isn’t unfamiliar territory for Salt Typhoon, as the group compromised at least eight US telco giants earlier in 2025, with the hackers allegedly having access to these networks for months in a mass surveillance campaign affecting dozens of countries and targeting several high-level officials.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura’s upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
A long running campaign
The hackers, apparently exploited a high severity Cisco flaw, tracked as CVE-2023-20198 to gain access, allowing them to retrieve running configuration files from the compromised devices, which were then modified in order to create a GRE tunnel, enabling traffic collection from the network the devices were connected to.
A patch for this flaw has been available since October 2023, which indicates a serious security oversight in Canadian Telecom cybersecurity.
The threat actors most likely targeted these devices in order to ‘collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims,’ which could explain how Salt Typhoon has been so successful in compromising large organizations.
“While our understanding of this activity continues to evolve, we assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years,” the statement confirms.
Telecommunication companies are a high-priority for threat actors as they store large amounts of customer data and have useful intelligence value for cyber-espionage campaigns.
Via: ArsTechnica
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- “No evidence” – here’s why the massive 16 billion record data breach may not be as bad as first thought
