{"id":7661,"date":"2025-05-21T06:00:00","date_gmt":"2025-05-21T11:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84606"},"modified":"2025-05-21T06:00:00","modified_gmt":"2025-05-21T11:00:00","slug":"a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/21\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon\/","title":{"rendered":"A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon | CyberScoop<\/title> <meta name=\"description\" content=\"Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-chinese-hackers-us-telecom-breach\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon\"> <meta property=\"og:description\" content=\"Experts tell CyberScoop that the U.S. 
telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/salt-typhoon-chinese-hackers-us-telecom-breach\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-21T11:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png\"> <meta property=\"og:image:width\" content=\"3841\"> <meta property=\"og:image:height\" content=\"2161\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747327192g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84606\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84606\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalt-typhoon-chinese-hackers-us-telecom-breach%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalt-typhoon-chinese-hackers-us-telecom-breach%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84606 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-chinese-hackers-us-telecom-breach\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" 
aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.75\">\n<div class=\"single-article__header-content\" readability=\"30.928348909657\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/salt-typhoon-chinese-hackers-us-telecom-breach\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Experts tell CyberScoop that the U.S. telecom system is just too technologically fragmented to gather a clear picture of threats, and too big to ever fully eject all espionage efforts. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon.png?resize=640%2C360&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png 3841w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=1200,675 1200w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon-1.png?resize=1498,843 1498w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Scoop News Group graphic) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"154.65921192758\"><body readability=\"312.81856187291\"><\/p>\n<p>When the news broke that a Chinese hacking group known as Salt Typhoon had penetrated multiple U.S. telecommunications networks, gained access to the phones of a presidential campaign, and collected geolocation data on high-value targets around Washington, D.C., one of the first questions on the minds of executives and U.S. officials was how long it would take to kick them out.<\/p>\n<p>The spying campaign <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-us-government-response\/\">shocked the government<\/a> and telecom industry alike. While cyber-enabled espionage between world powers is broadly considered fair play, Salt Typhoon\u2019s brazenness and its methodical, systematic way of compromising networks and collecting high-value intelligence reflected a deep understanding of how U.S. telecommunications networks operate.<\/p>\n<p>Salt Typhoon\u2019s widespread intrusions on behalf of a U.S. adversary endangered the cellular communications of nearly all Americans\u2014including high-level government officials\u2014and posed a severe threat to U.S. national security. Senator Mark Warner, D-Va., a former telecommunications executive, has called it \u201cthe most serious telecom hack in our nation\u2019s history.\u201d<\/p>\n<p>And yet in the months following, the Biden administration, current and former cybersecurity officials, members of Congress and other experts have repeatedly floated the possibility that many U.S. 
telecommunications firms may never fully expunge the hacking group from their networks.<\/p>\n<p>Laura Galante, who led the Cyber Threat Intelligence Integration Center at the Office of the Director of National Intelligence until January, told CyberScoop that the subdued reaction in some circles reflects the way that digital breaches are often treated less seriously by the public than physical ones.<\/p>\n<p>\u201cWe can\u2019t accept this level of espionage on our networks,\u201d said Galante. \u201cIf you had 50 Chinese [Ministry of State Security] spies or contractors sitting inside a major [telecom company\u2019s] building, they would be walked out and it would be a full-scale effort. That\u2019s in broad strokes what has happened, but the access was digital.\u201d<\/p>\n<p>But interviews with multiple U.S. government and industry officials indicate that a full-scale effort to digitally eject Salt Typhoon will be easier said than done.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-it-isn-t-hard-to-hide\"><strong>It isn\u2019t hard to hide<\/strong><\/h5>\n<p>When U.S. 
officials warn that telecoms may never be able to fully purge Salt Typhoon from their networks, it\u2019s largely based on three factors: the size and complexity of modern telecommunications networks, the difficulty in managing identity solutions which grant broad access to those networks, and a history of industry consolidation and indifference to cybersecurity that left many telecoms ill-prepared to go toe-to-toe with Chinese government hackers.<\/p>\n<p>Those factors have resulted in a sprawling system of telecommunications networks composed of both legacy and modern technologies that are riddled with software and hardware vulnerabilities and provide multiple pathways to reentry through exploitation.<\/p>\n<p>If one access point is patched or closed or if the actors are evicted, they can often simply exploit another chain of vulnerabilities in order to regain access or leverage previously deployed persistence mechanisms. 
Put another way: if a homeowner leaves all their windows open, a burglar doesn\u2019t care if they\u2019ve locked the front and back doors.<\/p>\n<p>\u201cI think everybody\u2019s rushing to say \u2018Yes, we\u2019ve evicted Salt Typhoon, Salt Typhoon is no longer a problem.\u2019 But that\u2019s not how [cybersecurity] works and it\u2019s also not how intelligence agencies work,\u201d said Silas Cutler, a principal security researcher at cybersecurity firm Censys.<\/p>\n<p>In the wake of Salt Typhoon\u2019s public outing, large telecoms like <a href=\"https:\/\/www.cybersecuritydive.com\/news\/att-verizon-salt-typhoon\/736680\/\">AT&amp;T<\/a>, <a href=\"https:\/\/www.verizon.com\/about\/news\/verizon-provides-update-salt-typhoon-matter\">Verizon<\/a>, <a href=\"https:\/\/techcrunch.com\/2024\/12\/31\/another-us-telco-says-its-network-is-now-clear-of-china-backed-salt-typhoon-hackers\/?guccounter=1&amp;guce_referrer=aHR0cHM6Ly9zZWN1cml0eWFmZmFpcnMuY29tLw&amp;guce_referrer_sig=AQAAABhimVCmb4rIwJPZ7RBd_FXAZfI06OiTIq6sewBtIQf7e4wbs7X4pj4YkWNxwxNQ3ek437RFeX2rUUX9Wv2tpyOXTj3EOg3aOfnQAmLSwHRguWaHG71nj_DmNj1gw5jrm1Vs-0mpa-QUeQuwrfUovI8gcntDgzAD-wPcq2nsR4mi\">Lumen<\/a> and others have confirmed they were affected and claimed to have either purged the actors from their network or \u201ccontained\u201d the incident.<\/p>\n<p>But U.S. officials continue to insist that Salt Typhoon remains active in U.S. networks, and experts who spoke with CyberScoop say that statements from telecoms about their exposure are overflowing with legalese, measure one point in time, and don\u2019t account for numerous ways that attackers could reenter telecom infrastructure.<\/p>\n<p>\u201cThe best you can do is find them early in the kill chain,\u201d said Gentry Lane, CEO and founder of Nemesis Global, a defensive cybersecurity platform for critical infrastructure entities that is only sold in NATO and Five Eyes countries. \u201cYou can expel [them] and you need to. 
You can\u2019t keep them from living off the land or living in your system.\u201d<\/p>\n<p>There\u2019s also a problem of scale. Any serious attempt to expunge Chinese hackers from even a single telecom network would likely need to include the forensic analysis of tens of thousands of company endpoints for signs of compromise, lateral movement or data theft. While Lane has worked to build Nemesis Global\u2019s platform to conduct such automated endpoint memory forensics, she said it is a relatively recent capability that is not widely available.<\/p>\n<p>Cutler said part of the difficulty in tracking Salt Typhoon stems from a lack of confirmed, granular indicators of compromise for threat hunters to track.<\/p>\n<p>\u201cThose types of really targeted threat hunting [IOCs] to look for, I just haven\u2019t seen it with Salt Typhoon,\u201d he said. \u201cI feel like there\u2019s not enough for me to hunt on regularly and reliably to be able to say \u2018Yeah, I think we have pretty good removal of this activity.\u2019 \u201d<\/p>\n<p>Sources pointed to two types of technologies that the group has repeatedly exploited in its campaign: identity management software and network edge devices.<\/p>\n<p>\u201cWhen you get down to the nuts and bolts, the question is whether you can manage who has access to different parts of your network,\u201d said Galante. \u201cCan you confidently hunt and detect malicious activity on your network at a speed that\u2019s relevant? 
That\u2019s going to help answer whether Chinese Intelligence is still in our telcos\u201d in the coming years.<\/p>\n<p>Meanwhile, a six-month trend <a href=\"https:\/\/censys.com\/blog\/the-persistent-threat-of-salt-typhoon-tracking-exposures-of-potentially-targeted-devices\">analysis<\/a> from Censys released in April found over 200,000 public exposures of four popular networking and edge devices with vulnerabilities that are known or thought to have been exploited by Salt Typhoon, most located in the United States.<\/p>\n<p>Not all of the exposed devices are necessarily vulnerable, and many researchers remain frustrated by the lack of direct telemetry on Salt Typhoon. Nevertheless, the report reached an unsettling conclusion.<\/p>\n<p>\u201cDespite growing public awareness of Salt Typhoon\u2019s activity, there has been little meaningful reduction in exposed, reportedly targeted devices on the public internet\u2014just 25% since October 2024,\u201d the report stated.<\/p>\n<p>Network edge devices have become a critical tool for Chinese hackers to hide their presence from both telecoms and U.S. authorities. Targeting and compromising VPNs, small office\/home office (SOHO) routers and WiFi-only routers allows groups like Salt Typhoon to pose as domestic U.S. users and blend in with normal network traffic. It also allows them to operate within trusted U.S. networks and evade detection by threat hunters.<\/p>\n<p>\u201cWhat China does is they use those sets of localized U.S. IP address edge devices to obfuscate the last couple miles of network traffic that is coming out of China,\u201d said Galante. \u201cThey very much understand that our authorities are much harder to use once you\u2019ve jumped to U.S. 
IP space.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-consolidated-markets-consolidated-vulnerabilities\"><strong>Consolidated markets, consolidated vulnerabilities<\/strong><\/h5>\n<p>The technology stacks managed by telecommunications companies are massive, complex, and reflective of the industry\u2019s decades-long history of consolidation.<\/p>\n<p>As the internet and digitization transformed media at the turn of the millennium, telecoms expanded beyond basic telephone and connectivity services to include banking, mobile financial services and advertising.<\/p>\n<p>In many cases, executives viewed acquisitions as the quickest and most efficient path to accomplish that goal, buying up other companies and absorbing their technology infrastructure along the way. A 2023 <a href=\"https:\/\/www.ftidelta.com\/insights\/perspectives\/decoding-the-consolidation-in-telecoms-exploring-deals-rationale-and-sizing\">analysis<\/a> by Victor Font at FTIDelta found that telecom consolidation was largely driven by telecoms\u2019 desire for synergy and cost savings across their network and IT segments as companies sought to meet exploding consumer demand and grow their market presence.<\/p>\n<p>This strategy has had profound consequences in the digital security space, leaving many of the market\u2019s largest players as a Frankenstein\u2019s monster of different equipment, technologies and architecture.<\/p>\n<p>\u201cWhen a company acquires another one, they are very much acquiring the security vulnerabilities of that company, too,\u201d said Galante.<\/p>\n<p>Telecom companies have purchased regional carriers, a wide variety of technology types, and networks upon networks \u201cthat are layered with 
everything from copper wires to the most advanced 5G and 6G technologies.\u201d<\/p>\n<p>\u201cSecuring that is particularly hard, and you\u2019ve got to absorb essentially the security posture and build in all the different emergency response and CERT-like functions for every one of those acquisitions you do,\u201d Galante said.<\/p>\n<p>Another former U.S. cybersecurity official co-signed that sentiment, telling CyberScoop that new acquisitions invariably introduce new complexities and risks into security management. But overall, the concern is less about the acquisitions themselves and more about whether they were carried out responsibly with regard to cybersecurity.<\/p>\n<p>\u201cDid they do the right level of due diligence? Did they do the right level of integration to make sure that they were bringing the new acquisitions up to the same level of security standards internally?\u201d asked the official, who requested anonymity to discuss Salt Typhoon.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-a-potential-fix-runs-into-a-familiar-problem\"><strong>A potential fix runs into a familiar problem<\/strong><\/h5>\n<p>Further research has shown how the industry has had varied responses to vulnerability disclosure and remediation, especially when presented with evidence that flaws exist in systems that are using state-of-the-art technology.<\/p>\n<p>Kevin Butler, a professor of computer and information science and engineering at the University of Florida and director of the Florida Institute for Cybersecurity Research, is one of the authors of Ransacked, a massive research project examining vulnerabilities in telecom core networks.<\/p>\n<p>In an interview, Butler said to think of the cellular network at three levels: user equipment (i.e. 
cell phones and equipment with cellular interfaces), the over-the-air communications that equipment makes to base stations that connect into larger Radio Access Networks, and the communications between those networks and the Public Switched Telephone Network, the cellular core that links to the rest of global telephony infrastructure.<\/p>\n<p>Butler\u2019s team focused their research on that last part, investigating the variety of ways that malicious actors could exploit existing vulnerabilities to compromise and access the core cellular network.<\/p>\n<p>One of the first things they discovered is that many existing cybersecurity tools and protocols were ill-suited for the task.<\/p>\n<p>The cellular network is \u201cmade up of a large number of components that interact in very complicated ways\u201d and \u201cthe types of protocols that are used look a little different\u201d from regular computer network protocols.<\/p>\n<p>\u201cWhat this means is that the types of security assessment tools that we generally use for assessing network protocols don\u2019t work that well for cellular networks,\u201d said Butler.<\/p>\n<p>Using a cybersecurity testing method known as \u201cfuzzing\u201d that feeds random or unexpected data into a program to identify security issues, Butler\u2019s team developed a bespoke system that could evaluate the cybersecurity of LTE\/5G core telecommunications infrastructure.<\/p>\n<p>What they found was stark: many common LTE and 5G implementations (Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN) had more than a hundred distinct and exploitable vulnerabilities. Most of these could be used to disrupt cellular communications within a geographic area, while a smaller subset could grant remote access to the network core.<\/p>\n<p>For some vulnerabilities, the researchers discovered that sending certain messages to the core network would corrupt the system\u2019s memory, allowing an attacker to run any commands they wanted. The research team developed a proof-of-concept program that could \u201cbasically establish a command and control or persistent channel to that network component and then cause further damage from there,\u201d said Nathaniel Bennett, a student at the university and lead author for the paper.<\/p>\n<p>Patrick Traynor, another University of Florida professor involved in the research, told CyberScoop that their report only reflects the vulnerabilities they were able to find with their own limited resources.<\/p>\n<p>But perhaps even more concerning is the way those flaws were eventually addressed. Prior to publication, the team reached out to as many open-source maintainers, commercial entities and others with affected software as possible to go through the vulnerability disclosure process. Some took the issue seriously, while others didn\u2019t respond. In other cases, the team couldn\u2019t identify a responsible party or maintainer \u2013 a common problem in critical infrastructure \u2013 and many of those that did respond simply lacked the personnel or expertise to address the flaws.<\/p>\n<p>In the end, Bennett wound up spending months communicating with affected stakeholders and creating most of the patches for affected software.<\/p>\n<p>When asked how the team responded to news of Salt Typhoon\u2019s intrusions into U.S. 
telecoms, Traynor said they weren\u2019t surprised.<\/p>\n<p>He emphasized that \u201cthis is just what we found\u201d with the limited expertise and resources they had available, and flatly stated \u201cwe expect there to be more\u201d flaws identified if additional parties or security experts were to apply similar scrutiny to other parts of the U.S. telecom network.<\/p>\n<p>\u201cFirst, these networks are extraordinarily complicated,\u201d said Traynor. \u201cCertainly securing the internet is hard enough, and for lots of reasons, both the complexity, but also the sort of history of its closed nature, it really means that not as many eyes are able to look at these systems.\u201d<\/p>\n<p><em>Tim Starks contributed reporting for this story.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9865871833085\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/a-house-full-of-open-windows-why-telecoms-may-never-purge-their-networks-of-salt-typhoon.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. 
<\/p>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/article>\n<p> <\/main> <\/p>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/salt-typhoon-chinese-hackers-us-telecom-breach\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A house full of open windows: Why telecoms may never<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[27,2687,999,271,4299,78,4313,4314,117,2952,4315,2815,2953,29,4316,2373,3542],"tags":[35,2688,1002,277,4302,86,4317,4318,119,2955,4319,2822,2956,37,4320,2376,3545],"class_list":["post-7661","post","type-post","status-publish","format-standard","hentry","category-5g","category-att","category-censys","category-china","category-ctiic","category-cybersecurity","category-ftidelta","category-fuzzing","category-government","category-lumen-technologies","category-radio-access-networks","category-routers","category-salt-typhoon","category-telecommunications","category-university-of-florida","category-verizon","category-virtual-private-network-vpn","tag-5g","tag-att","tag-censys","tag-china","tag-ctiic","tag-cybersecurity","tag-ftidelta","tag-fuzzing","tag-government","tag-lumen-technologies","tag-radio-access-networks","tag-routers","tag-salt-typhoon","tag-telecommunications","tag-university-of-florida","tag-verizon","tag-virtual-private-network-vpn"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/5g\/\" rel=\"category tag\">5G<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/att\/\" rel=\"category tag\">AT&amp;T<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/censys\/\" rel=\"category tag\">Censys<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ctiic\/\" rel=\"category tag\">CTIIC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ftidelta\/\" rel=\"category tag\">FTIDelta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fuzzing\/\" rel=\"category tag\">fuzzing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lumen-technologies\/\" rel=\"category tag\">Lumen Technologies<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/radio-access-networks\/\" rel=\"category tag\">Radio Access Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/routers\/\" rel=\"category tag\">routers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salt-typhoon\/\" rel=\"category tag\">Salt Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/university-of-florida\/\" rel=\"category tag\">University of Florida<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/verizon\/\" rel=\"category tag\">Verizon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a>","tag_info":"virtual private network 
(VPN)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7661"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7661\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}