Salt Typhoon Hackers Hid in U.S. Telecoms for 3 Years

Washington, February 21, 2025 –Chinese-backed Salt Typhoon hackers secretly infiltrated U.S. telecom networks for over three years, using stolen credentials and Cisco exploits to remain undetected.

Chinese state-sponsored hackers, known as Salt Typhoon, infiltrated U.S. telecom networks and remained undetected for over three years, Cisco has confirmed. The cyberespionage group exploited a known Cisco vulnerability (CVE-2018-0171) and stole login credentials to gain deep access to multiple telecom providers.

Security experts warn that this prolonged, undetected presence suggests a sophisticated, state-backed operation, with Salt Typhoon using advanced techniques to blend in, steal sensitive data, and avoid detection. A cybersecurity analyst Nathaniel Morales said:

This isn’t just a breach, it’s a silent occupation of critical infrastructure. For three years, these hackers had unrestricted access to U.S. telecom networks, potentially intercepting sensitive communications.

Salt Typhoon used “living-off-the-land” (LOTL) techniques, hijacking legitimate network infrastructure as pivot points to move between telecom providers. They also captured SNMP, TACACS, and RADIUS traffic, collecting login credentials to expand their foothold. Security expert Mike Herrington.

Their ability to erase logs and modify configurations made forensic detection incredibly difficult.

Even more alarming, hackers used compromised Cisco devices as relays to launch further attacks on undisclosed high-value targets, possibly for data exfiltration or cyberwarfare planning.

Other News At VPNRanks

Hey, wait!

Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life.