Salt Typhoon gained initial access to telecoms through Cisco devices | CyberScoop<\/title> <meta name=\"description\" content=\"The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisco-talos-salt-typhoon-initial-access\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Salt Typhoon gained initial access to telecoms through Cisco devices\"> <meta property=\"og:description\" content=\"The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisco-talos-salt-typhoon-initial-access\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-20T22:31:36+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-20T22:31:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1739821441g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83557\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83557\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-talos-salt-typhoon-initial-access%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-talos-salt-typhoon-initial-access%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83557 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisco-talos-salt-typhoon-initial-access\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.133962264151\">\n<div class=\"single-article__header-content\" readability=\"35.435323383085\">\n<p> The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83557\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-5.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS \/ AFP) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"34.175544507576\"><body readability=\"70.387201735358\"><\/p>\n<p>Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group\u2019s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a <a href=\"https:\/\/blog.talosintelligence.com\/salt-typhoon-analysis\/\">threat intelligence report<\/a>.<\/p>\n<p>Cisco Talos, the networking vendor\u2019s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco IOS XE (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2018-0171\">CVE-2018-0171<\/a>). Yet, researchers asserted Salt Typhoon gained initial access to Cisco devices with legitimate login credentials in all other incidents it\u2019s investigated to date.<\/p>\n<p>The report marks the first time Cisco acknowledged the role its equipment played in Salt Typhoon\u2019s attack spree on telecom networks. Recorded Future last week said <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-china-ongoing-telecom-attack-spree\/\">five additional telecom networks were hit by Salt Typhoon<\/a> via a pair of other vulnerabilities in Cisco IOS XE (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-20198\">CVE-2023-20198<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-20273\">CVE-2023-20273<\/a>) between early December and late January.<\/p>\n<p>Cisco Talos said it hasn\u2019t identified any evidence to confirm Salt Typhoon\u2019s exploitation of other known Cisco vulnerabilities. The company declined to answer questions. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cCisco Talos published a blog about the threat actor Salt Typhoon\u2019s campaign, based on Cisco\u2019s investigation while assisting law enforcement and victims of the attacks,\u201d a company spokesperson said via email. \u201cOur findings do not cover the entirety of the Salt Typhoon campaign or all affected infrastructure, as these go beyond the scope of Cisco\u2019s engagement and technology. As always, we strongly advise customers to patch known vulnerabilities and follow industry best practices for securing management protocols.\u201d<\/p>\n<p>Salt Typhoon\u2019s primary initial access point for attacks on telecom networks hasn\u2019t been identified by authorities, but U.S. and global officials advised network defenders to address the risk of Cisco device exploitation in <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/enhanced-visibility-and-hardening-guidance-communications-infrastructure\">guidance<\/a> released in December. The Cybersecurity and Infrastructure Security Agency declined to comment on Cisco\u2019s report.<\/p>\n<p>Cisco Talos reaffirmed other previously shared threat intelligence, particularly Salt Typhoon\u2019s ability to gain persistent access to telecom networks\u2019 infrastructure with living-off-the-land techniques, describing it as a hallmark of the campaign. <\/p>\n<p>The threat group maintained access to one target environment for more than three years, according to Cisco Talos.<\/p>\n<p>Researchers said it\u2019s unknown how Salt Typhoon obtained valid credentials to Cisco devices, but noted the threat group actively attempted to acquire additional credentials through network device configurations and local accounts with weak passwords. Salt Typhoon also captured network protocol traffic, including secret keys used between network devices to likely obtain additional credentials, the report said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Another key component of Salt Typhoon\u2019s activities involved continued movement through compromised infrastructure. Researchers said the threat group blended its activity into normal operations by jumping through trusted infrastructure.<\/p>\n<p>\u201cThe threat actor also pivoted from a compromised device operated by one telecom to target a device in another telecom,\u201d the report said. \u201cWe believe that the device associated with the initial telecom was merely used as a hop point and not the intended final target in several instances.\u201d<\/p>\n<p>Most of Salt Typhoon\u2019s movement across infrastructure involved network equipment from different vendors, according to Cisco Talos.<\/p>\n<p>\u201cThe long timeline of this campaign suggests a high degree of coordination, planning and patience \u2014 standard hallmarks of advanced persistent threat and state-sponsored actors,\u201d researchers said in the report.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3476635514019\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"21.477572559367\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-china-ongoing-telecom-attack-spree\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg 2121w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> For suspected Chinese hackers, U.S. telecoms represent a tempting target for espionage. (Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"3.4963768115942\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-china-ongoing-telecom-attack-spree\/\"> Salt Typhoon remains active, hits more telecom networks via Cisco routers <\/a> <\/h3>\n<p> The Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S., Recorded Future researchers said. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/removal-cyber-safety-review-board-members\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-7.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Committee chairman Rep. Mark Green, R-Tenn., and ranking member Rep. Bennie Thompson, D-Miss., speak to one another during a hearing with the House Committee on Homeland Security on Capitol Hill on January 30, 2024. (Photo by Anna Moneymaker\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/removal-cyber-safety-review-board-members\/\"> Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/treasury-sanctions-chinese-cybersecurity-company-salt-typhoon-hacks\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg 4018w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=1024,681 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=2048,1363 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices-8.jpg?resize=1267,843 1267w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> (Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/treasury-sanctions-chinese-cybersecurity-company-salt-typhoon-hacks\/\"> Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisco-talos-salt-typhoon-initial-access\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Salt Typhoon gained initial access to telecoms through Cisco devices<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1764,1084,724,78,452,256,2953,29,49,288],"tags":[277,1769,1087,727,86,454,262,2956,37,57,294],"class_list":["post-7380","post","type-post","status-publish","format-standard","hentry","category-china","category-cisco","category-cisco-ios-xe","category-cisco-talos","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-research","category-salt-typhoon","category-telecommunications","category-threat-intelligence","category-threats","tag-china","tag-cisco","tag-cisco-ios-xe","tag-cisco-talos","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-research","tag-salt-typhoon","tag-telecommunications","tag-threat-intelligence","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco-ios-xe\/\" rel=\"category tag\">Cisco IOS XE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco-talos\/\" rel=\"category tag\">Cisco Talos<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salt-typhoon\/\" rel=\"category tag\">Salt Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-intelligence\/\" rel=\"category tag\">Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7380"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7380\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7380,"date":"2025-02-20T16:31:36","date_gmt":"2025-02-20T22:31:36","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83557"},"modified":"2025-02-20T16:31:36","modified_gmt":"2025-02-20T22:31:36","slug":"salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/20\/salt-typhoon-gained-initial-access-to-telecoms-through-cisco-devices\/","title":{"rendered":"Salt Typhoon gained initial access to telecoms through Cisco devices"},"content":{"rendered":"