System Update

Inside Salt Typhoon’s Hacks, While They’re Inside Our Telecoms

A hacking group called Salt Typhoon is targeting telecoms worldwide, and if you use Internet or phone services, their attacks are almost certainly affecting you. Let’s break it down in plain English.

Imagine your Internet provider as a highway for your data. You expect your toll tags and radar traps are being run by government officials, right? Tech reports reveal Salt Typhoon, a Chinese state-backed group, has been breaching telecom giants like Viasat and networks in the U.S. and Canada since 2023. They exploit old flaws in Cisco routers, often unpatched for years, using stolen admin credentials to access configuration files and map entire networks.

In 2024, they dwelled in a U.S. National Guard network for nine months, stealing military plans, personnel records, and sensitive communications, including troop movement data. They hit Viasat’s satellite systems, grabbing call logs, geolocation data, and corporate emails, disrupting critical services like military and emergency communications.

In Canada, the first confirmed non-U.S. target, they breached telecoms by exploiting Cisco gear, redirecting traffic to steal customer data, including billing details and browsing histories.

Their methods include phishing emails with malicious links that install backdoors, unpatched router bugs, and fake VPN logins mimicking legitimate portals to capture credentials. They deploy custom malware, like GhostStream, to stay hidden, monitor traffic, or exfiltrate data silently. They’ve targeted 70+ U.S. entities, government agencies, telecoms, and critical infrastructure like power grids, aiming to disrupt communications or spy on operations.

Once inside, they pivot to connected systems, exploiting weak passwords or outdated software to expand access across servers and endpoints. Their persistence lets them re-enter networks using stolen keys, even after detection, by planting secondary backdoors. They also manipulate router logs to hide their tracks, making breaches hard to spot.

These attacks hit everyone. If you use telecom services for work calls or online banking, a breach could expose your conversations, redirect you to fake sites, or steal your passwords and client data.

At CyberStreams, we’re passionate about shielding your digital highway from these silent invaders.

I’ve put together three takeaways and next steps:

1. Use Encrypted Connections
Always browse with a VPN to protect data from anyone, even telecom provider from seeing it.

2. Monitor Network Traffic
Monitor constantly for unusual activity on your router. Our Managed Network Appliances and SOC services detect intrusions.

3. Train Staff on Phishing
Educate teams to spot fake emails. Our training, weekly 2-minute micro trainings, and newsletters maintain cyber awareness.

Link to original story: https://cyberstreams.com/blog/b/insid...