Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Chinese hackers engaged in espionage and data collection via compromised Cisco network devices earlier this year – and aren’t likely to stop soon.
The Canadian Centre for Cyber Security (Cyber Centre) and the United States FBI have released a joint advisory warning of a Chinese cyber espionage campaign targeting Canadian telecommunications providers.
Based on separate investigations, the Canadian Cyber Centre believes Salt Typhoon is the threat actor likely behind the malicious activity, and based on intelligence shared by other partners, it’s also highly likely that other Canadian entities outside of the telco sector are also being targeted.
Actors linked to Salt Typhoon compromised three network devices registered to a Canadian telco in February 2025. The hackers exploited CVE-2023-20198, a bug in Cisco’s IOS XE Software that was first reported in 2023 and patched soon after.
Using this vulnerability, the hackers were able to create a GRE tunnel that let them collect traffic from the telco’s network.
“Targeting of Canadian devices may allow the threat actors to collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims,” the advisory said.
“In some cases, we assess that the threat actors’ activities were very likely limited to network reconnaissance.”
The Cyber Centre believes Chinese cyber espionage activity is likely to last for at least two years, targeting telcos and their clients. State-sponsored activity commonly targets telcos in order to gather customer data in bulk and to track high-value targets, including government officials.
In 2024, officials from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Chinese hackers, likely Salt Typhoon, exfiltrated the call data of US government officials after AT&T, Verizon, and Lumen Technologies had all been compromised by the threat actor the month before.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders,” officials said at the time.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
