China’s Salt Typhoon Hackers Exploit Cisco Vulnerabilities to Breach Global Telecoms and Universities

The state-backed group targeted unpatched devices in over 1,000 attempts, compromising networks in multiple countries despite U.S. sanctions.

Salt Typhoon, a Chinese government-linked hacking group, breached at least seven telecom and internet service providers across the U.S., UK, Italy, South Africa, and Thailand between December 2024 and January 2025.
The group exploited two known vulnerabilities in Cisco IOS XE software—CVE-2023-20198 and CVE-2023-20273—to gain initial access and escalate privileges on unpatched devices.
In addition to telecoms, Salt Typhoon targeted over a dozen universities globally, including institutions in the U.S., Argentina, Bangladesh, and Vietnam, likely to access research in telecommunications and technology.
The U.S. government imposed sanctions in January 2025 on Sichuan Juxinhe Network Technology, a company linked to Salt Typhoon, but researchers report no slowdown in the group's activities.
Security experts warn that Salt Typhoon’s continued targeting of critical infrastructure highlights the need for international cooperation and stricter cybersecurity measures.