Chinese Hacker Group Salt Typhoon Exploits Cisco Router Flaws, Targeting Telecom Networks And Universities Worldwide

The Chinese hacker group Salt Typhoon has reportedly been exploiting vulnerabilities in Cisco (CSCO) routers. The group continues to breach telecom networks and universities globally, according to a recent report.

What Happened: Recorded Future, a cybersecurity firm, has disclosed that Salt Typhoon infiltrated five telecom and internet service providers globally. The group also compromised more than a dozen universities, spanning from Utah to Vietnam, between December and January. Among the affected entities are a U.S. internet service provider, a telecom company, and a U.S.-based subsidiary of a UK telecom firm.

Levi Gundert, head of Recorded Future’s research team, Insikt Group, said that Salt Typhoon remains highly active. The group has taken advantage of vulnerabilities in Cisco’s IOS software, which powers the company’s routers and switches, to gain complete control over targeted networks. Salt Typhoon is also tracked as RedMike by the Insikt Group. The report indicates that RedMike has attempted to access more than 1,000 Cisco network devices in the period from December 2024 to January 2025.

Cisco did not immediately respond to Benzinga’s request for comment.

Analysts at Recorded Future have reported that Chinese hackers have infiltrated not only U.S. telecom companies but also telecom networks in South Africa, Thailand, and an Italian internet service provider. Additionally, the group has targeted a wide range of universities worldwide, seemingly for espionage purposes.

RedMike may have targeted these universities to gain access to research in telecommunications, engineering, and technology, with a focus on institutions such as UCLA and TU Delft, according to the report.

Why It Matters: The activities of Salt Typhoon have been under scrutiny for some time. In December, nine U.S. telecom firms were hacked as part of Salt Typhoon’s campaign. The hackers gained access to the private communication of an unknown number of Americans, according to Anne Neuberger, the U.S. deputy national security advisor for cyber and emerging technology.

Shortly after, AT&T Inc (T) and Verizon Communications (VZ) announced that their networks were secure following a cyberespionage attack by Salt Typhoon, marking the first acknowledgment by the companies of the breach.

Despite media coverage, government reports, and sanctions from the U.S. Treasury, Salt Typhoon remains undeterred. Analysts at Recorded Future believe the group’s hacking campaign and victim list may be larger than what they have discovered so far.

The Trump administration has pledged to retaliate against China for the cyberattacks, advocating for a more aggressive deterrent strategy in cyberspace, though no concrete plan has been implemented yet. Meanwhile, China has consistently denied Beijing’s involvement in cyberattacks on U.S. systems and resorts to blaming the U.S. for exploiting Chinese networks.

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
