US telecommunications companies

The hacker group known as Salt Typhoon compromised multiple US telecommunications firms, gaining real-time access to American texts and calls, and has continued to target telecom and university networks internationally. The group exploited vulnerabilities in exposed web interfaces on Cisco IOS devices to establish control, then set up private communication channels to steal data. Despite its activities being highlighted, the group remains active, exploiting telecom infrastructure and compromising sensitive communications.

Source: https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/

TPRM report: https://scoringcyber.rankiteo.com/company/ustci

"id": "ust000021425",
"linkid": "ustci",
"type": "Breach",
"date": "2/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'International',
                        'name': ['Multiple US telecommunications firms',
                                 'International telecom and university '
                                 'networks'],
                        'type': 'Organization'}],
 'attack_vector': 'Exploiting vulnerabilities in exposed web interfaces on '
                  "Cisco's IOS devices",
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Texts',
                                              'Calls',
                                              'Sensitive communications']},
 'description': 'The hacker group known as Salt Typhoon compromised multiple '
                'US telecommunications firms, gaining real-time access to '
                'American texts and calls, and continued to target telecom and '
                'university networks internationally. Utilizing exposed web '
                "interfaces on Cisco's IOS devices, they exploited "
                'vulnerabilities to establish control and set up private '
                'communication channels to steal data. Despite their '
                'activities being highlighted, the group remains active, '
                'exploiting the telecom infrastructure and compromising '
                'sensitive communications.',
 'impact': {'data_compromised': ['Texts', 'Calls', 'Sensitive communications'],
            'systems_affected': ["Cisco's IOS devices"]},
 'initial_access_broker': {'entry_point': "Exposed web interfaces on Cisco's "
                                          'IOS devices',
                           'high_value_targets': ['Telecom infrastructure',
                                                  'Sensitive communications']},
 'motivation': 'Data theft, espionage',
 'post_incident_analysis': {'root_causes': "Exposed web interfaces on Cisco's "
                                           'IOS devices'},
 'threat_actor': 'Salt Typhoon',
 'title': 'Salt Typhoon Hack on US Telecommunications Firms',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Cisco IOS vulnerabilities'}