TZUTC: -0500   
   MSGID: 1189.consprcy@1:2320/105 2cc1346c   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Top Canadian telecom firms may have been hit by Chinese Salt Typhoon hackers   
      
   Date:   
   Tue, 24 Jun 2025 15:03:00 +0000   
      
   Description:   
   Hackers have seemingly used a Cisco flaw to gain access to telco network.   
      
   FULL STORY   
      
   The Canadian Centre for Cyber Security, alongside the FBI, have confirmed   
   hackers were able to gain access to three network devices registered to a   
   Canadian Telecommunications company.    
      
   The Cyber Centre is aware of malicious cyber activities currently targeting   
   Canadian telecommunications companies. The responsible actors are almost   
   certainly PRC state-sponsored actors, specifically Salt Typhoon, The Canadian   
   Centre for Cybersecurity said in a statement.    
      
   This isnt unfamiliar territory for Salt Typhoon, as the group compromised at   
   least eight US telco giants earlier in 2025, with the hackers allegedly    
   having access to these networks for months in a mass surveillance campaign   
   affecting dozens of countries and targeting several high-level officials.    
      
   A long running campaign   
      
   The hackers, apparently exploited a high severity Cisco flaw, tracked as   
   CVE-2023-20198 to gain access, allowing them to retrieve running    
   configuration files from the compromised devices, which were then modified in   
   order to create a GRE tunnel, enabling traffic collection from the network    
   the devices were connected to.    
      
   A patch for this flaw has been available since October 2023, which indicates    
   a serious security oversight in Canadian Telecom cybersecurity.    
      
   The threat actors most likely targeted these devices in order to collect   
   information from the victims internal network, or use the victims device to   
   enable the compromise of further victims, which could explain how Salt    
   Typhoon has been so successful in compromising large organizations.    
      
   While our understanding of this activity continues to evolve, we assess that   
   PRC cyber actors will almost certainly continue to target Canadian   
   organizations as part of this espionage campaign, including    
   telecommunications service providers and their clients, over the next two   
   years, the statement confirms.    
      
   Telecommunication companies are a high-priority for threat actors as they   
   store large amounts of customer data and have useful intelligence value for   
   cyber-espionage campaigns.    
      
    Via: ArsTechnica   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/top-canadian-telecom-firms-may-have-bee   
   n-hit-by-chinese-salt-typhoon-hackers   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426