When the Chinese hacker group known as Salt Typhoon was revealed last fall to have penetrated deep into major US telecommunications companies, breaching no fewer than nine phone carriers and accessing Americans' documents and calls, the hacking campaign was treated by the US government as a four-alarm fire. Yet even after the hackers' high-profile exposure, they have continued to break into telecommunications networks worldwide, including more in the US.
Researchers at the cybersecurity company Recorded Future revealed in a report on Wednesday night that they have seen Salt Typhoon breach five telecommunications and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The victims include internet service providers, telecommunications companies and US-based subsidiaries, according to the company's analysts, who declined to name them to Wired.
"They are very active, and they continue to be super active," said Levi Gundert, who leads Recorded Future's research team, known as Insikt Group. "I think there is just an underestimation of how active they are in turning telecommunications networks into Swiss cheese."
To carry out this latest intrusion campaign, Salt Typhoon, which Recorded Future tracks under its own name, RedMike, rather than the Typhoon handle created by Microsoft, has targeted the internet-exposed web interfaces of Cisco's IOS software, which runs on the networking giant's routers and switches. The hackers exploited two different vulnerabilities in the code of those devices: one allows initial access and the other provides root privileges, giving the hackers complete control of a device that is often powerful and has access to the victim's network.
"Whenever you are embedded in infrastructure networks such as routers, you have the keys to the kingdom in what you can access and observe and appear," Gundert said.
Recorded Future found more than 12,000 Cisco devices whose web interfaces were exposed online, and says the hackers targeted more than a thousand of those devices, installed in networks around the world. Among them, the hackers appear to have focused on a smaller set of telecommunications networks and universities whose Cisco devices they successfully exploited. For those selected targets, Salt Typhoon configured the hacked Cisco devices to connect to the hackers' command-and-control servers through generic routing encapsulation, or GRE, tunnels, a protocol used to set up private communication channels, and then used them to access and steal data.
When Wired reached out to Cisco for comment, the company pointed to a security advisory it published in 2023 about the vulnerabilities in the web interface of its IOS software.
Hacking network devices as entry points to targeted victims, often by exploiting known vulnerabilities that the devices' owners have failed to patch, has become standard operating procedure for Salt Typhoon and other Chinese hacking groups. That is partly because these network devices lack many of the security controls and monitoring software that have been extended to more traditional computing devices such as servers and PCs. Recorded Future notes in its report that sophisticated Chinese espionage groups have targeted those vulnerable network devices as a primary intrusion technique for at least five years.
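The two conditions the report describes, an enabled web interface and a GRE tunnel to an unfamiliar peer, can both be checked in a device's saved configuration. The following is an added example, not code from Recorded Future or Cisco: it audits a constructed Cisco IOS running-config, and the approved-peer list and all addresses in it are hypothetical.

```python
import ipaddress
import re

# Constructed sample running-config (documentation addresses, not from the report).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
!
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.7
!
interface Tunnel9
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.45
!
interface Tunnel20
 tunnel destination 192.0.2.9
 tunnel mode ipsec ipv4
!
"""

# Assumption: the operator keeps a list of tunnel peers it has approved.
APPROVED_PEERS = [ipaddress.ip_network("198.51.100.0/24")]


def audit_config(text, approved=APPROVED_PEERS):
    """Return (enabled web UI lines, GRE tunnels whose peer is not approved)."""
    web_ui = [l.strip() for l in text.splitlines()
              if re.match(r"^ip http (secure-)?server\b", l)]
    findings = []
    for m in re.finditer(r"^interface (Tunnel\d+)\n((?:[ \t]+.*\n)*)", text, re.M):
        name, body = m.group(1), m.group(2)
        mode = re.search(r"^\s+tunnel mode (\S+)", body, re.M)
        # GRE over IP is the IOS default, so a missing "tunnel mode" line means GRE.
        if mode and not mode.group(1).startswith("gre"):
            continue
        dest = re.search(r"^\s+tunnel destination (\S+)", body, re.M)
        if not dest:
            continue
        try:
            peer = ipaddress.ip_address(dest.group(1))
        except ValueError:
            findings.append((name, dest.group(1)))  # hostname peer: review by hand
            continue
        if not any(peer in net for net in approved):
            findings.append((name, str(peer)))
    return web_ui, findings
```

Run it against configuration backups taken from a trusted store rather than output typed on the device itself, since a device under an attacker's root control may not report its own state honestly.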