Despite significant scrutiny and even sanctions from the U.S. government, the Chinese hacking group known as Salt Typhoon continues to infiltrate telecommunications networks both domestically and globally. Recent reports from cybersecurity firm Recorded Future detail the hackers’ ongoing activities, revealing breaches in multiple telecoms and internet service providers, including two U.S. firms and more than a dozen universities spanning countries from the U.S. to Vietnam.
Salt Typhoon, which Recorded Future refers to as RedMike, has targeted vulnerabilities in Cisco’s IOS software, which runs on various networking devices. By exploiting these vulnerabilities, the hackers gain initial access to the devices and eventually acquire full control over the network infrastructure they infiltrate. Researchers have identified over 12,000 exposed Cisco devices; among these, the attackers have focused their efforts on several telecoms and university networks.
The continued intrusions are alarming, especially considering the publicity surrounding previous attacks that compromised communication systems and private data. Despite the U.S. Treasury’s January 2025 sanctions against a firm linked to Salt Typhoon, there has been no observed reduction in the group’s hacking frequency or scope. Notably, these breaches have also included telecoms from South Africa, Thailand, and Italy, alongside various universities worldwide.
Cybersecurity analysts emphasize that the group’s methods are indicative of a broader trend in cyberespionage, where hackers exploit known vulnerabilities in network devices, which are often overlooked in terms of security measures compared to traditional computing systems. Even amidst intensified scrutiny, Salt Typhoon appears unperturbed, suggesting a more extensive and determined operational strategy that remains to be fully uncovered.
In light of these developments, U.S. officials have recommended that citizens use end-to-end encrypted applications such as Signal and WhatsApp to protect their private communications from potential surveillance arising from these persistent espionage efforts.