TZUTC: -0500
MSGID: 1189.consprcy@1:2320/105 2cc1346c
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Top Canadian telecom firms may have been hit by Chinese Salt Typhoon hackers

Date:
Tue, 24 Jun 2025 15:03:00 +0000

Description:
Hackers have seemingly used a Cisco flaw to gain access to telco network.

FULL STORY

The Canadian Centre for Cyber Security, alongside the FBI, have confirmed
hackers were able to gain access to three network devices registered to a
Canadian Telecommunications company. 

The Cyber Centre is aware of malicious cyber activities currently targeting
Canadian telecommunications companies. The responsible actors are almost
certainly PRC state-sponsored actors, specifically Salt Typhoon, The Canadian
Centre for Cybersecurity said in a statement. 

This isnt unfamiliar territory for Salt Typhoon, as the group compromised at
least eight US telco giants earlier in 2025, with the hackers allegedly 
having access to these networks for months in a mass surveillance campaign
affecting dozens of countries and targeting several high-level officials. 

A long running campaign

The hackers, apparently exploited a high severity Cisco flaw, tracked as
CVE-2023-20198 to gain access, allowing them to retrieve running 
configuration files from the compromised devices, which were then modified in
order to create a GRE tunnel, enabling traffic collection from the network 
the devices were connected to. 

A patch for this flaw has been available since October 2023, which indicates 
a serious security oversight in Canadian Telecom cybersecurity. 

The threat actors most likely targeted these devices in order to collect
information from the victims internal network, or use the victims device to
enable the compromise of further victims, which could explain how Salt 
Typhoon has been so successful in compromising large organizations. 

While our understanding of this activity continues to evolve, we assess that
PRC cyber actors will almost certainly continue to target Canadian
organizations as part of this espionage campaign, including 
telecommunications service providers and their clients, over the next two
years, the statement confirms. 

Telecommunication companies are a high-priority for threat actors as they
store large amounts of customer data and have useful intelligence value for
cyber-espionage campaigns. 

 Via: ArsTechnica

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-canadian-telecom-firms-may-have-bee
n-hit-by-chinese-salt-typhoon-hackers

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426