
A newly released advisory from the FBI and Canada's Cyber Centre warns of an ongoing cyber espionage campaign by a China-linked group that is targeting telecom networks worldwide. The report, issued June 20, 2025, points to "Salt Typhoon," a notorious Chinese APT group using known vulnerabilities in routers and other edge network devices to steal sensitive data.
The activity, tracked since at least February, involves exploiting devices on the network perimeter to gain hidden access, siphon off communications data, and maintain long-term control. In one documented incident, three network devices at a Canadian telecom were compromised, allowing attackers to intercept call records and user locations.
How the Attack Works
The group is using vulnerabilities like CVE-2023-20198 to extract configuration files from targeted devices. This Cisco Web UI flaw was first identified in October 2023 and was widely exploited, affecting over 40,000 devices.
According to the FBI's advisory (PDF), while the campaign centers on telecommunications providers, the techniques used could apply to a broader range of targets. Edge devices such as routers, firewalls, and VPN appliances are especially vulnerable, particularly if they run outdated firmware or weak configurations.
Once inside, they deploy GRE (Generic Routing Encapsulation) tunnels, allowing them to silently route network traffic through systems under their control. This technique lets them observe or manipulate communications while avoiding traditional security detection.
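The two tradecraft points above, configuration theft via the web UI flaw and persistence through attacker-controlled GRE tunnels, are both visible in a router's running configuration. The following audit script is an added example written for this article; it is not code from the advisory or from Cisco. It parses a constructed Cisco IOS-style running-config (embedded inline, with placeholder secrets) and flags three things a defender would want to review: Tunnel interfaces in GRE mode whose destination is outside an operator-maintained list of approved peer ranges, privilege-15 local users not on an allow-list, and the `ip http server` / `ip http secure-server` lines that enable the web UI in which CVE-2023-20198 lives. The allow-lists and the sample config are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample of a Cisco IOS-style running-config. Hostnames, users,
# addresses and the "$9$placeholder" secrets are made up for this example.
SAMPLE_CONFIG = """
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$placeholder
username svc-backup privilege 15 secret 9 $9$placeholder
!
ip http server
ip http secure-server
!
interface Tunnel10
 description MPLS backup to DC2
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 10.20.30.40
!
interface Tunnel99
 ip address 172.31.99.1 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 198.51.100.23
 tunnel mode gre ip
!
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.0
!
"""

# Operator-maintained allow-lists (assumed values for the example).
APPROVED_TUNNEL_PEERS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_ADMIN_USERS = {"netops"}


def parse_interfaces(config):
    """Return {interface_name: [indented config lines]} for each 'interface' stanza."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":  # '!' separates stanzas in IOS output
            current = None
            continue
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
    return interfaces


def tunnel_findings(config):
    """Flag GRE Tunnel interfaces whose destination is not an approved peer.

    On IOS a Tunnel interface defaults to GRE mode, so a stanza with no
    'tunnel mode' line is treated as GRE rather than ignored.
    """
    findings = []
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("Tunnel"):
            continue
        mode, dest = "gre ip", None
        for l in lines:
            if l.startswith("tunnel mode "):
                mode = l[len("tunnel mode "):]
            elif l.startswith("tunnel destination "):
                dest = l.split()[-1]
        if not mode.startswith("gre"):
            continue
        if dest is None:
            findings.append((name, "GRE tunnel without destination"))
            continue
        addr = ipaddress.ip_address(dest)
        if not any(addr in net for net in APPROVED_TUNNEL_PEERS):
            findings.append((name, f"GRE tunnel to unapproved peer {dest}"))
    return findings


def admin_user_findings(config):
    """Flag privilege-15 local accounts that are not on the allow-list."""
    findings = []
    for m in re.finditer(r"^username (\S+) privilege 15\b", config, re.MULTILINE):
        if m.group(1) not in APPROVED_ADMIN_USERS:
            findings.append((m.group(1), "privilege-15 local user not in allow-list"))
    return findings


def web_ui_findings(config):
    """Flag the HTTP/HTTPS server lines that expose the IOS XE web UI."""
    findings = []
    for feature in ("ip http server", "ip http secure-server"):
        if re.search(rf"^{re.escape(feature)}\s*$", config, re.MULTILINE):
            findings.append((feature, "web UI enabled; disable or restrict if not required"))
    return findings


def audit(config):
    """Run all checks and return findings grouped by category."""
    return {
        "tunnels": tunnel_findings(config),
        "admin_users": admin_user_findings(config),
        "web_ui": web_ui_findings(config),
    }


if __name__ == "__main__":
    for section, items in audit(SAMPLE_CONFIG).items():
        for subject, msg in items:
            print(f"[{section}] {subject}: {msg}")
```

Run against the sample, the script reports Tunnel99 (GRE to a peer outside 10.0.0.0/8), the unlisted svc-backup admin account, and both web UI lines; Tunnel10 is accepted because its peer falls inside the approved range. Feed it a real `show running-config` export and maintain the allow-lists from your change records so that any tunnel or admin account that was never approved stands out.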
Long-Term Espionage, Not Quick Hits
Unlike smash-and-grab cyberattacks that aim for fast data theft, Salt Typhoon appears focused on quiet, long-term surveillance. This approach aligns with other known state-linked campaigns that prioritize strategic intelligence gathering over financial gain.
The attackers aren't using zero-day exploits. Instead, they rely on publicly known vulnerabilities, which are often left unpatched for long periods. This allows them to build access over time without raising alarms.
What's at Risk
The FBI and Cyber Centre warn that telecom networks, by their nature, carry sensitive personal and commercial data. By compromising devices that handle this traffic, attackers can gain insight into user behaviour, physical locations, and private conversations.
The advisory suggests that these campaigns are likely to continue and may expand further over the next two years.
The joint alert didn't name affected companies beyond the single Canadian incident but noted that similar activity has been observed globally. Therefore, organizations are urged to secure edge devices, audit network activity for malicious actions, and apply available patches immediately.