Particle.news


Salt Typhoon Exploits Long-Patched Cisco Flaw to Breach Canadian Telecom

Salt Typhoon exploited a Cisco IOS XE flaw patched in October 2023 to breach networks for covert traffic collection.


Overview

  • In mid-February 2025, Salt Typhoon used CVE-2023-20198 to compromise three network devices at a Canadian telecom provider, retrieving and altering configuration files to establish GRE tunnels.
  • The critical Cisco IOS XE vulnerability had been disclosed in October 2023 and patched within a week, but numerous telecom operators failed to apply updates.
  • Salt Typhoon previously breached US telecom firms including Verizon and AT&T, using sustained covert access to monitor wiretap systems and other internet traffic.
  • The Canadian Centre for Cyber Security and the FBI have confirmed the state-sponsored nature of the attacks and warn that similar intrusions are almost certain over the next two years.
  • Telecommunications networks remain high-value espionage targets because they handle call metadata, location data and government communications, highlighting the urgency of timely patching and stronger defenses.