
Salt Typhoon Crew Hacks Telcos Worldwide China Targets UCLA Research

Author: Quiet. Please
Published: Sat 22 Feb 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-crew-hacks-telcos-worldwide-china-targets-ucla-research--64514385

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly dose of China cyber alerts. Let's dive right in.

Over the past week, we've seen some significant developments in China's cyber espionage efforts. The Salt Typhoon crew, a Chinese government-backed hacking group, has been busy exploiting vulnerabilities in Cisco devices to compromise global telecom providers and other organizations. According to Recorded Future's Insikt Group, they successfully broke into at least seven unpatched devices linked to US, UK, Italian, South African, and Thai telecom firms between December 2024 and January 2025[1].

These intrusions gave China intimate access to people's internet activities, movements, and communications. The group likely compiled a list of target devices based on their association with telecommunications providers' networks. They even targeted universities, including UCLA, to access research related to telecommunications, engineering, and technology.

The Salt Typhoon crew combined two critical privilege escalation vulnerabilities in Cisco's tech, CVE-2023-20198 and CVE-2023-20273, to gain root privileges on the devices. This allowed them to add a generic routing encapsulation tunnel for persistent access to the victim's network.

US officials continue to uncover and assess these attacks, which have given China broad and full access to Americans' data and the capability to geolocate millions of individuals. Deputy National Security Advisor for Cyber Anne Neuberger noted that these breaches have significant implications for national security[2].

In other news, China's escalating cyberattacks on US infrastructure have highlighted differences in responses between the Biden and Trump administrations. The incoming administration aims to reduce the government's role in cybersecurity but increase its offensive actions. Meanwhile, US officials are bracing for more sophisticated attacks, with David Sedney, former deputy assistant secretary of defense, warning that things will get worse before they get better[2].

On the legislative front, China has been cracking down on companies that fail to fulfill their cybersecurity protection responsibilities. The Nanning Cybersecurity Brigades penalized five companies for violating Article 21 of the Cybersecurity Law, while the Zhengzhou CAC imposed administrative penalties on two companies for failing to meet cybersecurity obligations[4].

To protect against these threats, experts recommend staying up-to-date with patches and implementing robust cybersecurity measures. It's crucial to monitor networks for suspicious activity and educate employees on cybersecurity best practices.

That's all for this week's Digital Dragon Watch. Stay vigilant, and we'll catch you in the next episode.

For more http://www.quietplease.ai

