Telecom Titans Targeted: China's Salt Typhoon Strikes Again!

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey there, I'm Ting, and welcome to Digital Dragon Watch, your weekly dose of China cyber alerts. Let's dive right in.

Over the past week, we've seen some significant developments in the world of China-backed cyber threats. The Salt Typhoon group, also known as RedMike, has been on a hacking spree, compromising five more telecom providers globally, including two U.S.-based companies[1]. They've been exploiting unpatched Cisco edge devices, specifically CVE-2023-20198 and CVE-2023-20273, to gain root access. This is a big deal, folks, as these vulnerabilities were disclosed back in October 2023 and have already compromised thousands of devices.

The Insikt Group at Recorded Future has been tracking these attacks and found that more than half of the targeted Cisco devices were located in the U.S., South America, and India. They also identified over 12,000 Cisco devices with exposed web user interfaces, making them easy prey for Salt Typhoon[1].

But it's not just telecom companies that are at risk. Salt Typhoon has also been targeting universities, including UCLA, Loyola Marymount University, Utah Tech University, and California State University, likely to access research in areas like telecommunications, engineering, and technology[1].

Now, let's talk about the U.S. government's response. The FY 2025 National Defense Authorization Act includes provisions to address potential security risks linked to Chinese-origin technology, such as routers and modems from manufacturers like Huawei and ZTE[2]. The House Armed Services Committee has also directed the Department of Defense to assess the risk of these devices being exploited by malware to compromise DoD systems.

In related news, the FBI and CISA have been investigating Salt Typhoon's activities, which have resulted in the theft of a large amount of records, including data about customers' communications[4]. The threat group has also compromised private communications, including audio and text content, of targeted individuals involved in government or political activities.

So, what can you do to protect yourself? First, make sure to patch those Cisco devices ASAP. Also, be cautious when using personal mobile devices and applications, especially those tied to China and other adversarial nations[2]. And, as always, stay vigilant and keep an eye out for suspicious activity.

That's all for now, folks. Stay safe out there, and I'll catch you in the next episode of Digital Dragon Watch.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta