The Canadian Centre for Cyber Security and the FBI have issued a warning over hacker attacks conducted by Chinese state-sponsored threat actors against telecommunication companies in Canada.
The warning focuses on attacks conducted by Salt Typhoon, the threat group known for targeting several major telecom firms in the United States and elsewhere as part of espionage operations.
In some cases, the hackers managed to steal call records and private communications belonging to valuable targets, including government employees and political figures.
The Canadian cybersecurity agency said it’s aware of recent attacks likely conducted by Salt Typhoon against telecommunication organizations in the country.
“Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025,” the Canadian Centre for Cyber Security said.
“The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network,” it added.
CVE-2023-20198 is a Cisco device vulnerability that has also been exploited by Salt Typhoon to hack into the networks of US telcos.
The Canadian agency also pointed out that separate investigations found evidence of Salt Typhoon attacks aimed at entities outside of the telecom sector.
Source: Security Week