A newly released joint advisory from the FBI and Canada's Cyber Centre warns of an ongoing cyber espionage campaign by a China-linked group that is targeting telecom networks worldwide. The report, issued June 20, 2025, points to "Salt Typhoon," a notorious Chinese APT group that uses known vulnerabilities in routers and other edge network devices to steal sensitive data.
The activity, tracked since at least February, involves exploiting devices on the network perimeter to gain covert access, siphon off communications data, and maintain long-term control. In one documented incident, three network devices at a Canadian telecom were compromised, allowing attackers to intercept call data and user locations.
How the Attack Works
The group is using vulnerabilities such as CVE-2023-20198 to extract configuration files from targeted devices. This Cisco Web UI flaw was first identified in October 2023 and was widely exploited, affecting over 40,000 devices.
As per the FBI's advisory (PDF), while the campaign centers on telecommunications providers, the tactics used could apply to a broader range of targets. Edge devices such as routers, firewalls, and VPN appliances are especially vulnerable, particularly if they run outdated firmware or weak configurations.
Once inside, the attackers deploy GRE (Generic Routing Encapsulation) tunnels, allowing them to silently route network traffic through systems under their control. This technique lets them observe or manipulate communications while evading conventional security detection.
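The two conditions described above, a Web UI left reachable on a Cisco device and a GRE tunnel that the operator did not create, both leave traces in the device's running configuration. The following script, added here as an example and not taken from the advisory or from any vendor tooling, parses a Cisco IOS-style running-config, lists every GRE tunnel interface, flags any whose destination is not on an operator-maintained allowlist, and reports whether the HTTP/HTTPS server that exposes the Web UI is enabled. The sample configuration, the hostname and addresses in it, and the allowlist are all constructed for the example.

```python
"""Audit a Cisco IOS-style running-config for two conditions named in the
advisory: unexpected GRE tunnel interfaces and an exposed Web UI.

Added example for defenders; not code from the advisory or from a vendor.
The sample config below is constructed and the allowlist is a hypothetical
operator input.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample running-config: one approved tunnel, one unapproved
# tunnel pointing outside the operator's address space, and the Web UI
# (ip http server / ip http secure-server) still enabled.
SAMPLE_CONFIG = """\
!
hostname edge-rtr-01
!
ip http server
ip http secure-server
!
interface GigabitEthernet0/0
 ip address 198.51.100.10 255.255.255.0
!
interface Tunnel10
 description approved site-to-site link
 ip address 10.200.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.20
!
interface Tunnel99
 ip address 10.250.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
end
"""

# Hypothetical operator allowlist: tunnel endpoints that are expected to exist.
APPROVED_TUNNEL_DESTINATIONS: Set[str] = {"198.51.100.20"}


@dataclass
class TunnelInterface:
    name: str
    destination: Optional[str] = None
    source: Optional[str] = None
    mode: str = "gre ip"   # IOS default when no 'tunnel mode' line is present
    description: str = ""


def parse_tunnels(config: str) -> Dict[str, TunnelInterface]:
    """Collect every 'interface TunnelN' block and its tunnel settings."""
    tunnels: Dict[str, TunnelInterface] = {}
    current: Optional[TunnelInterface] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):            # a top-level line ends any block
            m = re.match(r"interface (Tunnel\d+)$", line)
            current = TunnelInterface(m.group(1)) if m else None
            if current:
                tunnels[current.name] = current
            continue
        if current is None:
            continue
        body = line.strip()
        if body.startswith("tunnel destination "):
            current.destination = body.split()[-1]
        elif body.startswith("tunnel source "):
            current.source = body.split()[-1]
        elif body.startswith("tunnel mode "):
            current.mode = body[len("tunnel mode "):]
        elif body.startswith("description "):
            current.description = body[len("description "):]
    return tunnels


def web_ui_enabled(config: str) -> bool:
    """True if the HTTP or HTTPS server (the Web UI surface) is enabled.
    The anchored pattern ignores 'no ip http server' lines."""
    return re.search(r"^ip http (secure-)?server$", config, re.M) is not None


def audit(config: str, approved: Set[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for t in parse_tunnels(config).values():
        if not t.mode.startswith("gre"):
            continue                             # only GRE tunnels are in scope here
        if t.destination is None:
            findings.append(f"{t.name}: GRE tunnel with no destination configured")
        elif t.destination not in approved:
            findings.append(f"{t.name}: GRE tunnel to unapproved endpoint {t.destination}")
    if web_ui_enabled(config):
        findings.append("Web UI (ip http server / ip http secure-server) is enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, APPROVED_TUNNEL_DESTINATIONS):
        print("FINDING:", finding)
```

Run against a real export of `show running-config`, the same audit produces two findings for the constructed sample: `Tunnel99` points at an endpoint nobody approved, and the Web UI is still exposed. A tunnel that an operator never created is the configuration-level symptom of the GRE technique described above, and comparing each device's tunnel set against an allowlist over time is a cheap way to catch it without relying on traffic inspection.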
Long-Term Espionage, Not Quick Hits
Unlike smash-and-grab cyberattacks that aim for fast data theft, Salt Typhoon appears focused on quiet, long-term surveillance. This approach aligns with other known state-linked campaigns that prioritize strategic intelligence gathering over financial gain.
The attackers are not using zero-day exploits. Instead, they rely on publicly known vulnerabilities, which are often left unpatched for long periods. This allows them to build access over time without raising alarms.
What's at Risk
The FBI and Cyber Centre warn that telecom networks, by their nature, carry sensitive personal and commercial data. By compromising devices that handle this traffic, attackers can gain insight into user behaviour, physical locations, and private conversations.
The advisory suggests that these campaigns are likely to continue and may expand further over the next two years.
The joint alert did not name affected companies beyond the one Canadian incident but noted that similar activity has been observed globally. Organizations are therefore urged to secure edge devices, audit network activity for signs of malicious actions, and apply available patches immediately.