Cisco’s Networking Academy, a global initiative aimed at training students in IT networking and cybersecurity, has come under scrutiny following revelations regarding two individuals linked to the Chinese state-sponsored hacker group known as Salt Typhoon. This group has been responsible for significant cyber espionage, including infiltrating multiple telecom companies and exploiting vulnerabilities in Cisco’s products.
Recent investigations by Dakota Cary from cybersecurity firm SentinelOne have identified two individuals, Qiu Daibing and Yu Yang, as partial owners of firms connected to Salt Typhoon. Notably, their names also surfaced in a US government advisory associated with the group, citing their involvement in these cyber activities. Cary discovered that both individuals were participants in Cisco’s Networking Academy Cup, a competition designed to test the knowledge of students trained through the program.
Cary speculated on the implications of these findings, suggesting it is alarming that students who benefited from Cisco’s educational contributions could later engage in hacking activities against the same organization. He noted that two students emerging from a training program could pivot to orchestrating extensive data collection campaigns against telecoms—an eerie intersection of education and exploitation.
In response to inquiries, Cisco described its Networking Academy as a program designed to provide foundational skills in technology, stating it has served over 28 million students since its inception in 1997. The academy includes a range of courses, including those focused on cybersecurity and ethical hacking. However, details about whether Qiu and Yu participated in such courses remain unclear.
Cary’s investigation began when the Cybersecurity and Infrastructure Security Agency, alongside multiple U.S. government bodies, issued an advisory linking three specific companies to Salt Typhoon. Cary traced corporate records revealing that Qiu owned 45% of one company while Yu held the majority ownership stake in another. Their collaboration extended to jointly filing patents, indicating a deeper involvement beyond mere ownership.
Further research led Cary to find records from Southwestern Petroleum University, confirming their participation in the Cisco Networking Academy Cup, where they ranked highly. The uniqueness of their names coupled with their shared background enhanced the likelihood that these individuals were indeed the same ones connected to Salt Typhoon.
Cary speculated on the broader implications of his findings, emphasizing that Cisco’s program itself isn’t at fault but raising concerns about the accessibility of training in a globalized market. As China pursues the replacement of Western technology within its networks, the revelation of these links could stoke concerns regarding the potential for trained individuals to use their skills adversarially.
The case highlights the delicate balance between education in technology and the risks posed by global cybersecurity threats, particularly in contexts where access to advanced training is unregulated and can be exploited.
