Between December 2024 and January 2025, the Chinese-backed espionage group RedMike, also known as Salt Typhoon, exploited vulnerabilities in Cisco equipment at global telecommunications companies on a large scale. According to Recorded Future‘s Insikt Group, these targeted attacks exploited two known vulnerabilities in unpatched Cisco IOS XE devices: CVE-2023-20198 and CVE-2023-20273. This allowed RedMike to gain elevated access and install a GRE tunnel, maintaining persistent control over the affected systems.
The targets included a US subsidiary of a British telecom provider, a South African telecom company, and possibly universities in the US, the Netherlands, Mexico, and Indonesia, among others. The Chinese attacks appear to be aimed at strategic information, including research in the field of technology and telecom. In total, RedMike attempted to exploit more than a thousand devices worldwide.
Although the group has already garnered significant international media attention and was recently subject to US sanctions, the attacks persist. In January 2025, the US imposed sanctions on the Chinese company Sichuan Juxinhe Network Technology for its direct involvement in RedMike’s activities. According to Recorded Future, this type of attack poses a significant threat to national security, as permanent access to telecom infrastructure can be exploited for eavesdropping or sabotage during periods of heightened political tension.
Read the rest of the story at Techzine.
