- Cisco reveals Salt Typhoon used CVE-2018-0171 to breach target networks
- It first needed valid login credentials
- The attackers are highly sophisticated and well-funded, Cisco said
Chinese state-sponsored threat actor Salt Typhoon was abusing a vulnerability in the Smart Install feature of Cisco IOS software and Cisco IOS XE software to compromise US telecoms networks, experts have confirmed.
In a new blog post, Cisco said it found evidence of Salt Typhoon abusing CVE-2018-0171, a 9.8/10 (critical) vulnerability that allows threat actors to execute arbitrary code on an affected device.
“The threat actor then demonstrated their ability to persist in target environments across equipment from multiple vendors for extended periods, maintaining access in one instance for over three years,” Cisco Talos said.
Large-scale espionage
The researchers described the threat actors as “highly sophisticated” and “well-funded”, adding, “The long timeline of this campaign suggests a high degree of coordination, planning, and patience — standard hallmarks of advanced persistent threat (APT) and state-sponsored actors.”
To be able to exploit this vulnerability, Salt Typhoon first needed valid login credentials, which it was somehow able to acquire. The researchers have their suspicions on how: “In addition, we have observed the threat actor capturing SNMP, TACACS, and RADIUS traffic, including the secret keys used between network devices and TACACS/RADIUS servers,” Cisco said. “The intent of this traffic capture is almost certainly to enumerate additional credential details for follow-on use.”
In late October 2024, the FBI and CISA warned that multiple major US telecom providers had been breached by Salt Typhoon.
The statement noted, “The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.”
As the investigation progressed, by December 2024 the researchers found that at least eight major US telecoms had been breached, including T-Mobile, Verizon, AT&T, and Lumen Technologies, together with countless others around the world.
Via The Hacker News
This article is written by: Nermeen Nabil Khear Abdelmalak