The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued a stark warning regarding cyber attacks conducted by China-linked actors tracked as Salt Typhoon. The advisory reveals that these hackers have been attempting to breach major global telecommunications providers as part of an extensive cyber espionage campaign. The attackers exploited a critical vulnerability in Cisco IOS XE software, rated CVSS 10.0, to gain unauthorized access to configuration files from multiple network devices registered to a Canadian telecommunications company.
In mid-February 2025, the attackers successfully accessed sensitive configuration files and are believed to have modified at least one file to establish a Generic Routing Encapsulation (GRE) tunnel. This maneuver enables them to siphon off traffic from the corporate network. While the identity of the targeted telecommunications company remains undisclosed, authorities stress that the implications of these attacks are serious and could extend beyond the telecommunications sector.
The agencies underscore that targeting Canadian devices may allow these actors to collect confidential information and use it to penetrate additional networks. They indicated that while some of the activity appears limited to network reconnaissance, the possibility of further intrusions is alarming.
The recent findings align with a report from Recorded Future, which indicated that Salt Typhoon had previously exploited other vulnerabilities to infiltrate telecommunications and internet firms in countries including the U.S., South Africa, and Italy. Utilizing these entry points, the hackers have established GRE tunnels for prolonged access and data extraction.
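The GRE-tunnel persistence described in the two passages above can be looked for in exported device configurations. The following audit is an added example, not code from the advisory or from Recorded Future; the sample configuration, the approved-destination list and the function names are constructed assumptions.

```python
import re

# Constructed Cisco IOS-style configuration for illustration (not from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel0
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.10
!
interface Tunnel7
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre ip
 tunnel destination 203.0.113.77
!
interface Tunnel9
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.20
!
"""

# Assumption: the operator keeps a list of sanctioned GRE peers.
APPROVED_GRE_DESTINATIONS = {"198.51.100.10"}

def parse_tunnels(config):
    """Return one dict per 'interface TunnelN' block in the config text."""
    tunnels, current = [], None
    for line in config.splitlines():
        m = re.match(r"^interface (Tunnel\d+)\s*$", line)
        if m:
            # IOS tunnel interfaces default to GRE/IP when no 'tunnel mode' is set.
            current = {"name": m.group(1), "mode": "gre ip", "destination": None}
            tunnels.append(current)
        elif not line.startswith(" "):
            current = None  # '!' or any top-level command closes the block
        elif current is not None:
            cmd = line.strip()
            if cmd.startswith("tunnel mode "):
                current["mode"] = cmd[len("tunnel mode "):]
            elif cmd.startswith("tunnel destination "):
                current["destination"] = cmd.split()[2]
    return tunnels

def unexpected_gre_tunnels(config, approved):
    """GRE tunnels whose destination is missing or not on the approved list."""
    return [t for t in parse_tunnels(config)
            if t["mode"].startswith("gre") and t["destination"] not in approved]
```

Run against each configuration backup and diff the results over time; a tunnel that appears between two backups without a matching change record is the condition worth investigating.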
In related developments, the U.K. National Cyber Security Centre (NCSC) has alerted the public about two malware families, SHOE RACK and UMBRELLA STAND, specifically targeting Fortinet devices. These findings highlight the ongoing risk to cybersecurity infrastructure worldwide, further emphasizing the need for continuing vigilance against advanced persistent threats.
For further details regarding cyber threats and tools, visit the Cyber Centre’s advisory and see the full analysis of Recorded Future’s reporting.