Cisco has revealed that the Salt Typhoon hacking group, linked to Chinese intelligence, gained access to its telecommunications customers' systems primarily through stolen login credentials. In one case the group exploited a known seven-year-old vulnerability, even though a fix had been available since 2018. The use of valid, stolen credentials is central to this campaign, but where those credentials came from is still unclear. Cisco devices were compromised at multiple telecom companies in the U.S. and worldwide, and the group used lateral movement techniques to extend its access once inside.
The use of valid, stolen credentials has been observed throughout this campaign, though it is unknown at this time exactly how the initial credentials in all cases were obtained by the threat actor.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
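The Smart Install advisory above is only actionable if you can tell which devices still expose the feature. The following is an added example (not from Cisco or the original article) that audits captured `show vstack config` output from several switches; it assumes the `Role: Client (SmartInstall enabled|disabled)` line format that Cisco's Smart Install advisories show, and the captures themselves are constructed, not from real devices.

```python
import re

# Constructed "show vstack config" captures keyed by device name (hypothetical names, not real devices).
SAMPLE_CAPTURES = {
    "core-sw-01": (
        "switch# show vstack config\n"
        " Role: Client (SmartInstall enabled)\n"
        " Vstack Director IP address: 0.0.0.0\n"
    ),
    "core-sw-02": (
        "switch# show vstack config\n"
        " Role: Client (SmartInstall disabled)\n"
        " Vstack Director IP address: 0.0.0.0\n"
    ),
    # Capture from a platform that rejected the command; state cannot be determined.
    "edge-sw-07": "switch# show vstack config\n% Invalid input detected at '^' marker.\n",
}

# Matches the Role line and pulls out the SmartInstall state inside the parentheses.
ROLE_RE = re.compile(
    r"^\s*Role:\s*\w+\s*\(SmartInstall\s+(?P<state>enabled|disabled)\)",
    re.MULTILINE | re.IGNORECASE,
)


def smart_install_state(capture: str) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for one show vstack config capture."""
    match = ROLE_RE.search(capture)
    if match is None:
        return "unknown"  # no parseable Role line: needs manual review
    return match.group("state").lower()


def audit(captures: dict) -> dict:
    """Group devices by Smart Install state so 'enabled' and 'unknown' can be reviewed.

    Anything not positively 'disabled' is treated as exposed until proven otherwise;
    the Cisco-documented mitigation is to disable the service with 'no vstack'.
    """
    report = {"enabled": [], "disabled": [], "unknown": []}
    for name, capture in captures.items():
        report[smart_install_state(capture)].append(name)
    return {state: sorted(names) for state, names in report.items()}


if __name__ == "__main__":
    for state, names in audit(SAMPLE_CAPTURES).items():
        print(f"{state:>8}: {', '.join(names) or '-'}")
```

Devices reported as `enabled` or `unknown` are the ones to follow up on, since a blocked TCP/4786 at the perimeter does not protect against the lateral movement described above.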