- Canadian telecom firms have been hit by a cyberattack
- Chinese threat actor Salt Typhoon is suspected of being behind the attacks
- Hackers exploited an existing Cisco flaw to gain access
The Canadian Center for Cyber Security, along with the FBI, has confirmed that hackers were able to access three network devices registered to a Canadian telecommunications company.
“Cyber Center is aware of malicious cyber activities currently aimed at Canadian telecommunications companies. The responsible actors are almost certainly PRC-state-supported actors, specifically Salt Typhoon,” the Canadian Center for Cyber Security said in a statement.
This is not unknown territory for Salt Typhoon: the group compromised at least eight US telco giants earlier in 2025, with the hackers allegedly accessing these networks for several months in a mass surveillance campaign affecting dozens of countries and targeting high-level officials.
A long-lasting campaign
The hackers apparently exploited a high-severity Cisco flaw, tracked as CVE-2023-20198, to gain access. This enabled them to retrieve running configuration files from the compromised devices, which were then modified to create a GRE tunnel, enabling traffic collection from the network to which the devices were connected.
A patch for this flaw has been available since October 2023, indicating a serious security oversight in Canadian telecommunications security.
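A defender's check for the configuration change described above, added here as an example and not taken from the advisory or from Cisco: it lists the GRE tunnel interfaces in an IOS-style running configuration and flags any whose destination is not in an approved baseline. The sample configuration, interface names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample running-config; addresses are RFC 5737 documentation ranges.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel0
 description approved backhaul
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.10
!
interface Tunnel5
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.20
!
interface Tunnel77
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.45
!
end
"""

# An "interface TunnelN" line followed by its indented child lines.
STANZA = re.compile(r"^interface (Tunnel\d+)[ \t]*\n((?:[ \t]+.*\n?)*)", re.M)

def gre_tunnels(config):
    """Return {interface: destination} for each GRE tunnel in the config."""
    found = {}
    for name, body in STANZA.findall(config):
        mode = re.search(r"^[ \t]+tunnel mode (\S+)", body, re.M)
        dest = re.search(r"^[ \t]+tunnel destination (\S+)", body, re.M)
        # IOS tunnels default to GRE, and the default mode is not written to
        # the running config, so a missing "tunnel mode" line counts as GRE.
        if mode is None or mode.group(1) == "gre":
            found[name] = dest.group(1) if dest else None
    return found

def unapproved_gre_tunnels(config, approved_destinations):
    """GRE tunnels whose destination is absent from the approved baseline.
    Tunnels with no destination (e.g. multipoint) are flagged for review."""
    return {n: d for n, d in gre_tunnels(config).items()
            if d not in approved_destinations}

if __name__ == "__main__":
    for name, dest in unapproved_gre_tunnels(SAMPLE_CONFIG, {"198.51.100.10"}).items():
        print(f"REVIEW {name}: GRE tunnel to unapproved destination {dest}")
```

Run against configuration backups on a schedule, a check like this surfaces a tunnel that appears between two snapshots even when the device itself still looks healthy.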
The threat actors probably targeted these devices to ‘collect information from the victim’s internal network or use the victim’s device to enable compromise on additional victims’, which could explain how Salt Typhoon has been so successful in compromising large organizations.
“While our understanding of this activity continues to develop, we believe that PRC cyber players will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients over the next two years,” the statement confirms.
Telecommunications companies are a high priority for threat actors as they store large quantities of customer data and have useful intelligence value for cyber-espionage campaigns.
Via: Ars Technica



