Suspected Chinese State Hackers Breach Canadian Telecom After 16-Month-Old Cisco Flaw Left Unpatched
Canada’s top cyber-security agency has confirmed that Salt Typhoon—a hacking group linked to China’s People’s Liberation Army—penetrated the network of an unnamed Canadian telecommunications provider in mid-February by exploiting a critical Cisco vulnerability that was patched in October 2023.
How the breach happened
Investigators say the attackers leveraged CVE-2023-20198, a 10-out-of-10-severity flaw in Cisco IOS XE software, to pull configuration files from three edge devices and modify at least one file to establish a GRE tunnel. The tunnel provided covert, ongoing visibility into the carrier’s internal traffic.
Cisco had released a fix one week after researchers first disclosed mass exploitation of the bug in late 2023, but the Canadian provider failed to apply it—leaving the door open for Salt Typhoon 16 months later.
A wider espionage campaign
Salt Typhoon was earlier connected to hacks on major U.S. carriers—including Verizon and AT&T—where intruders reportedly monitored lawful-intercept wiretap systems for months without detection. Canada’s Cyber Centre now warns that the same toolkit is aimed at additional domestic targets beyond telecom, citing overlaps with malicious indicators found in other sectors.
Both the Centre and the FBI issued joint advisories on Monday, predicting that Chinese state actors “will almost certainly continue to target Canadian organisations, including telecom service providers and their clients, over the next two years.”
A preventable lapse
Security analysts are calling the incident a stark reminder of the cost of delayed patching. “When a CVSS-10 flaw in critical infrastructure gear stays unpatched for more than a year, exploitation is a matter of when, not if,” said Max-Erik Lavoie of vulnerability-tracking firm VulnCheck, which first rang alarm bells about CVE-2023-20198.
Cisco later revealed that Salt Typhoon layered additional exploits—CVE-2018-0171, CVE-2023-20273 and CVE-2024-20399—to maintain persistence during its 2024 campaign.
Mitigation steps urged
The Cyber Centre is advising all Canadian telecoms to:
- Patch or upgrade any IOS XE devices exposed to the internet
- Disable the HTTP/HTTPS server feature if not essential
- Inspect configs for rogue GRE tunnels or suspicious user accounts
- Monitor for outbound traffic to known Salt Typhoon command-and-control endpoints
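As an added example (not from the article or the Cyber Centre advisory), the Python script below runs three of those checks over a constructed IOS XE running-config excerpt: whether the HTTP/HTTPS server is enabled, which Tunnel interfaces are GRE (IOS XE's default tunnel mode), and which privilege-15 usernames fall outside an operator-supplied allow-list. The `audit_config` function, the `Findings` structure and the sample config are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample IOS XE running-config excerpt (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
username netadmin privilege 15 secret 9 $9$placeholder
username cisco_tac_admin privilege 15 secret 9 $9$placeholder
interface Tunnel0
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.10
interface Tunnel1
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.7
"""

@dataclass
class Findings:
    http_enabled: bool = False
    https_enabled: bool = False
    gre_tunnels: list = field(default_factory=list)        # [(interface, destination)]
    unexpected_admins: list = field(default_factory=list)  # privilege-15 users not on allow-list

def audit_config(text, expected_admins=()):
    """Flag the items the advisory tells operators to inspect in a running-config."""
    f = Findings()
    tunnels = {}    # interface name -> {"mode": str, "dest": str}
    current = None  # Tunnel interface whose block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line ends the interface block
        if line == "ip http server":
            f.http_enabled = True
        elif line == "ip http secure-server":
            f.https_enabled = True
        elif (m := re.match(r"username (\S+) privilege 15\b", line)):
            if m.group(1) not in expected_admins:
                f.unexpected_admins.append(m.group(1))
        elif (m := re.match(r"interface (Tunnel\d+)$", line)):
            current = m.group(1)
            tunnels[current] = {"mode": "gre ip", "dest": None}  # GRE/IP is the IOS default
        elif current and (m := re.match(r"tunnel mode (.+)$", line)):
            tunnels[current]["mode"] = m.group(1)
        elif current and (m := re.match(r"tunnel destination (\S+)", line)):
            tunnels[current]["dest"] = m.group(1)
    for name, t in tunnels.items():
        if t["mode"].startswith("gre"):
            f.gre_tunnels.append((name, t["dest"]))
    return f

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG, expected_admins=("netadmin",)))
```

Any GRE tunnel or privilege-15 account the script reports that is not in your change records deserves the same treatment as a confirmed indicator: verify its origin before assuming it is benign.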
Bigger picture
The breach underscores a broader geopolitical struggle playing out across critical-infrastructure networks worldwide. Western intelligence agencies have repeatedly warned that Beijing-backed groups are “pre-positioning” inside telecom and energy grids to gain leverage in any future conflict.
For Canadian consumers and enterprises that rely on always-on connectivity, the episode is a cautionary tale: even a single unpatched router can become a state-sponsored foothold—turning phone calls, texts and enterprise data into low-hanging fruit for espionage.