Salt Typhoon: A New Wave of Cyber Threats to Canadian Telecoms
Introduction to a Rising Concern
In recent months, the cybersecurity landscape has become increasingly fraught, particularly concerning the activities of a cyber threat group known as Salt Typhoon. Recent warnings from the Canadian Centre for Cyber Security, in collaboration with the Federal Bureau of Investigation (FBI) of the United States, reveal that this China-backed group has been actively targeting Canadian telecommunications providers. The implications of this campaign are far-reaching, underscoring the vulnerabilities that can exist within critical infrastructure.
Understanding the Espionage Campaign
Investigations indicate that Salt Typhoon has employed sophisticated tactics to carry out cyber espionage, focusing on data collection via compromised network devices. Cisco equipment in particular has been targeted: in February 2025, Salt Typhoon exploited a vulnerability in Cisco’s IOS XE Software, identified as CVE-2023-20198. This flaw, disclosed and patched shortly after its discovery in 2023, allowed the attackers to set up a GRE tunnel, enabling them to siphon off traffic from the network of affected Canadian telcos.
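For defenders, one practical check that follows from this is auditing device configurations for GRE tunnels that terminate at unapproved peers. The sketch below is an added example, not code from the advisory or from Cisco; the sample configuration is constructed, and the approved-endpoint list and the function name find_unapproved_gre_tunnels are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of an IOS XE running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface Tunnel10
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
!
interface Tunnel77
 tunnel source GigabitEthernet0/0/1
 tunnel destination 203.0.113.45
!
interface Tunnel20
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.7
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
"""

# Assumption: the operator keeps an inventory of approved tunnel peers.
APPROVED_ENDPOINTS = [ipaddress.ip_network("192.0.2.0/24")]


def find_unapproved_gre_tunnels(config, approved):
    """Return (interface, destination) for GRE tunnels whose peer is not approved."""
    findings = []
    # Walk each "interface TunnelN" stanza and its indented body lines.
    for m in re.finditer(r"^interface (Tunnel\d+)\n((?:[ \t].*\n)*)", config, re.M):
        name, body = m.group(1), m.group(2)
        mode = re.search(r"^[ \t]+tunnel mode (.+)$", body, re.M)
        # The config omits "tunnel mode" when it is the default, GRE over IP.
        if mode and not mode.group(1).strip().startswith("gre"):
            continue
        dest = re.search(r"^[ \t]+tunnel destination (\S+)$", body, re.M)
        if not dest:
            continue
        try:
            addr = ipaddress.ip_address(dest.group(1))
        except ValueError:
            findings.append((name, dest.group(1)))  # hostname peer: review by hand
            continue
        if not any(addr in net for net in approved):
            findings.append((name, str(addr)))
    return findings
```

Run against configuration backups pulled on a schedule, a check like this flags a newly added tunnel interface even when the device itself shows no other symptoms.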
Connections to Other Industries
While telcos are currently in Salt Typhoon’s crosshairs, intelligence has suggested that additional Canadian organizations may also be at risk. The advisory warns of not just immediate threats within the telecommunications sector but a broader landscape where other industries could become potential targets for similar incursions.
The Nature of the Attack
The compromise of the three network devices underscores a significant concern: the potential for these actors to gather sensitive information from internal networks. According to the advisory, the hackers may not limit their activities to reconnaissance; they could exploit any vulnerabilities they identify to further compromise networks, ultimately affecting a wider range of entities and individuals.
Long-term Implications of Cyber Espionage
Cybersecurity experts predict that the activities of Chinese threat actors like Salt Typhoon could extend for at least another two years, particularly against telecom companies and their customers. Historically, state-sponsored entities have often targeted telecom services to gather extensive customer data, enabling them to track high-profile individuals, including government officials.
Past Incidents Highlight the Threat
The ramifications of this cyber activity are not hypothetical. In 2024, it was confirmed that hackers, likely linked to Salt Typhoon, exfiltrated call data from major U.S. telecom providers, including AT&T and Verizon. This theft was directly related to espionage efforts targeting government officials and politically engaged individuals, highlighting the serious risks involved.
The Bigger Picture in Cybersecurity
The ongoing threats posed by groups like Salt Typhoon illuminate the larger challenges facing the telecommunications sector and other critical industries everywhere. With the potential to compromise sensitive information and disrupt vital services, telecommunications have become a primary battlefield in the realm of cyber warfare. Understanding the tactics and motivations behind such cyber espionage campaigns is essential for organizations striving to fortify their defenses against future attacks.
Conclusion
As the landscape of cyber threats continues to evolve, vigilance and proactive measures will be crucial for telecommunications and other industries alike. Awareness of the tactics employed by threat actors like Salt Typhoon is the first step in safeguarding data and maintaining the integrity of essential services.


