Salt Typhoon, a Chinese state-backed hacking group, remains active despite U.S. sanctions. The group continues to infiltrate telecom providers worldwide, exploiting vulnerabilities to access sensitive data.
Persistent Cyber Threat
Despite U.S. sanctions, the Chinese state-linked hacking group Salt Typhoon (also known as RedMike) continues to breach telecom providers worldwide, according to a report by Recorded Future.
Ongoing Attacks on Global Telecoms
Between December 2024 and January 2025, Salt Typhoon infiltrated five telecom firms across the U.S., U.K., Italy, South Africa, and Thailand. The group also conducted reconnaissance on Myanmar’s Mytel telecom infrastructure.
Targeting Critical Infrastructure
Salt Typhoon exploited vulnerabilities (CVE-2023-20198 and CVE-2023-20273) in unpatched Cisco devices, compromising over 1,000 systems globally, with a focus on telecom networks. Universities like UC and Utah Tech were also targeted, likely for research data on telecommunications and technology.
Sanctions Fail to Deter Attacks
In January, the U.S. sanctioned Sichuan Juxinhe Network Technology, linking it to Salt Typhoon. However, researchers believe the group will persist in targeting global telecom infrastructure.