Despite U.S. sanctions and extensive media coverage, the China-backed hacking group Salt Typhoon remains active, targeting telecommunications providers, ISPs, and universities worldwide. A new report from cybersecurity firm Recorded Future reveals that Salt Typhoon continues to exploit unpatched Cisco network devices, maintaining one of the most persistent cyber-espionage campaigns in history.
The group first gained attention in 2023 when it was discovered breaching eight major U.S. telecommunications companies in a long-running effort to spy on high-profile officials. Although AT&T and Verizon claimed in December that they were no longer detecting Salt Typhoon activity, Recorded Future confirms that the attacks continued through January 2025. The findings suggest that Chinese state-backed hackers are still deeply embedded in global networks, raising concerns about espionage, data manipulation, and national security threats.
What’s Happening & Why This Matters
Salt Typhoon’s Persistent Hacking Campaign
Salt Typhoon is actively exploiting vulnerabilities in Cisco network devices, particularly those linked to telecommunications and internet service providers. Their targeting strategy prioritizes infiltrating networks that manage sensitive communications and infrastructure:
- More than 12,000 Cisco devices were found with exposed web interfaces, making them highly susceptible to unauthorized access.
- Hackers have attempted to breach over 1,000 devices, focusing on telecom providers, critical infrastructure, and ISP networks.
- Victims include ISPs in the U.S. and Italy, telecom providers in South Africa and Thailand, and a U.S. affiliate of a U.K.-based telecom firm.
Targeting Universities for Strategic Intelligence
Beyond corporate and government networks, Salt Typhoon also targets universities to gain access to cutting-edge research and technological advancements.
- Universities in Argentina, Bangladesh, Indonesia, Malaysia, Mexico, the Netherlands, Thailand, the U.S., and Vietnam have reported unauthorized access attempts.
- Prestigious institutions like UCLA and TU Delft have been affected, suggesting a focus on cybersecurity, engineering, and telecom research.
- University networks remain particularly vulnerable due to open research-sharing policies, giving hackers direct access to sensitive studies, communications, and intellectual property.
Eavesdropping, Data Manipulation, and Service Disruptions
Salt Typhoon’s continued activity poses a significant cybersecurity risk with widespread consequences:
- The group can intercept calls, texts, and corporate communications, leading to serious confidentiality breaches.
- Manipulating data flows allows attackers to alter information, disrupt services, and mislead officials during geopolitical conflicts.
- Cyber espionage at this level provides strategic intelligence advantages, which could be used for economic, military, or political leverage.
Mitigating the Threat: What Experts Recommend
Cybersecurity professionals and intelligence agencies are calling for urgent action to mitigate the growing risks posed by Salt Typhoon:
- All exposed Cisco devices should be patched immediately to eliminate known security flaws.
- End-to-end encryption should be enforced for sensitive communications, making it harder for hackers to intercept confidential data.
- Enhanced network monitoring and proactive threat detection must be implemented to identify and block unauthorized access.
- Governments and private organizations must collaborate on a broader cybersecurity framework to counter state-sponsored cyber threats effectively.
TF Summary: What’s Next
Despite continuous efforts to dismantle its operations, Salt Typhoon remains a persistent cyber-espionage force. The group’s focus on telecom providers and universities suggests an ongoing effort to collect sensitive data, manipulate global communication networks, and conduct covert surveillance. As governments and cybersecurity firms race to patch vulnerabilities and strengthen defenses, organizations must act swiftly to prevent further infiltration and minimize long-term risks. The battle against state-sponsored cyber threats is far from over.