The hacker group known as Salt Typhoon compromised multiple US telecommunications firms, gaining real-time access to American texts and calls, and continued to target telecom and university networks internationally. Using exposed web interfaces on Cisco IOS devices, the group exploited vulnerabilities to establish control and set up private communication channels to steal data. Despite its activities being highlighted, the group remains active, exploiting telecom infrastructure and compromising sensitive communications.
TPRM report: https://scoringcyber.rankiteo.com/company/ustci
"id": "ust000021425",
"linkid": "ustci",
"type": "Breach",
"date": "2/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'International',
                        'name': ['Multiple US telecommunications firms',
                                 'International telecom and university '
                                 'networks'],
                        'type': 'Organization'}],
 'attack_vector': 'Exploiting vulnerabilities in exposed web interfaces on '
                  "Cisco's IOS devices",
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Texts',
                                              'Calls',
                                              'Sensitive communications']},
 'description': 'The hacker group known as Salt Typhoon compromised multiple '
                'US telecommunications firms, gaining real-time access to '
                'American texts and calls, and continued to target telecom and '
                'university networks internationally. Utilizing exposed web '
                "interfaces on Cisco's IOS devices, they exploited "
                'vulnerabilities to establish control and set up private '
                'communication channels to steal data. Despite their '
                'activities being highlighted, the group remains active, '
                'exploiting the telecom infrastructure and compromising '
                'sensitive communications.',
 'impact': {'data_compromised': ['Texts', 'Calls', 'Sensitive communications'],
            'systems_affected': ["Cisco's IOS devices"]},
 'initial_access_broker': {'entry_point': "Exposed web interfaces on Cisco's "
                                          'IOS devices',
                           'high_value_targets': ['Telecom infrastructure',
                                                  'Sensitive communications']},
 'motivation': 'Data theft, espionage',
 'post_incident_analysis': {'root_causes': "Exposed web interfaces on Cisco's "
                                           'IOS devices'},
 'threat_actor': 'Salt Typhoon',
 'title': 'Salt Typhoon Hack on US Telecommunications Firms',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Cisco IOS vulnerabilities'}