Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite recent sanctions imposed by the U.S. government.
In a report shared with TechCrunch, threat intelligence firm Recorded Future said it observed Salt Typhoon breaching five telecoms between December 2024 and January 2025. Salt Typhoon infiltrated several U.S. phone and internet companies, including AT&T (NYSE: T), T-Mobile (NASDAQ: TMUS) and Verizon (NYSE: VZ), to gain access to the private communications of senior U.S. government officials and political figures, Inside Towers reported.
Recorded Future declined to name Salt Typhoon’s latest victims but said they include a U.S.-based affiliate of a prominent U.K. telecommunications provider, an American ISP, and telecommunications companies in Italy, South Africa, and Thailand, reports TechCrunch.
To carry out these attacks, Salt Typhoon exploited two vulnerabilities to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Recorded Future said it observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. The researchers said the hacking group “possibly targeted these universities to access research in areas related to telecommunications, engineering, and technology.”
The U.S. government has sanctioned companies linked to the group. In January, the U.S. Treasury Department — itself targeted by Chinese government hackers — recently said it sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says is directly linked to Salt Typhoon. Recorded Future’s researchers say despite this action, it expects Salt Typhoon to continue targeting telecommunications providers in the U.S. and elsewhere.
By Leslie Stimson, Inside Towers Washington Bureau Chief
Reader Interactions