Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks


Advanced Persistent Threat: Salt Typhoon Exposed

Networking giant Cisco has confirmed that a sophisticated Chinese threat actor, known as Salt Typhoon, successfully breached major U.S. telecommunications companies. The attackers exploited a well-known vulnerability, CVE-2018-0171, and used stolen credentials to maintain access for more than three years.

How the Attack Was Executed

According to Cisco Talos, the campaign was highly coordinated and patient. The attackers used several advanced techniques to stay hidden:

  • Credential Theft: They captured SNMP, TACACS, and RADIUS traffic to steal secret keys and administrative passwords.
  • Living-off-the-Land (LOTL): Instead of using custom malware, they abused legitimate network tools and trusted infrastructure to move between different telecom providers.
  • Configuration Manipulation: The actors created local guest accounts and enabled SSH access to bypass existing security filters (ACLs).
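
The configuration changes listed above can be caught by comparing a device's running configuration against a known-good baseline. The following is an added example, not code from the original post or from Cisco Talos; both configurations are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample configs in IOS syntax (not taken from any real device).
BASELINE = """\
username netadmin privilege 15 secret 9 CONSTRUCTED-HASH
line vty 0 4
 access-class MGMT in
 transport input ssh
line vty 5 15
 transport input none
"""

CURRENT = """\
username netadmin privilege 15 secret 9 CONSTRUCTED-HASH
username guest privilege 15 secret 9 CONSTRUCTED-HASH
line vty 0 4
 access-class MGMT in
 transport input ssh
line vty 5 15
 transport input ssh
"""

def local_users(config):
    """Return the set of local account names defined in the config."""
    return set(re.findall(r"^username (\S+)", config, re.M))

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    found = re.findall(r"^(line vty .*)\n((?: .*\n)*)", config, re.M)
    return {h.strip(): [c.strip() for c in body.splitlines()] for h, body in found}

def audit(baseline, current):
    """Flag new local accounts and SSH-enabled vty lines with no inbound ACL."""
    findings = [f"new local account: {u}"
                for u in sorted(local_users(current) - local_users(baseline))]
    for header, cmds in vty_blocks(current).items():
        ssh = any(c.startswith("transport input") and
                  {"ssh", "all"} & set(c.split()[2:]) for c in cmds)
        acl = any(re.match(r"access-class \S+ in\b", c) for c in cmds)
        if ssh and not acl:
            findings.append(f"{header}: SSH allowed without access-class")
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

Running the audit on a schedule against configurations pulled out-of-band gives a change record that does not depend on logs stored on the device itself.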

The "JumbledPath" Utility

Researchers discovered a bespoke Go-based tool named JumbledPath used by the group. This utility allowed the hackers to execute remote packet captures and clear system logs (like .bash_history and auth.log) to erase any forensic evidence of their presence.

Why This Matters

The ability of Salt Typhoon to remain undetected for years highlights the critical danger of unpatched legacy vulnerabilities. By using compromised switches as "jump-hosts," they could pivot through internal networks that were otherwise not reachable from the public internet.


Defend Against State-Sponsored Attacks

As APT groups like Salt Typhoon become more aggressive, the industry needs skilled Network Security experts and SOC Analysts who can detect subtle "Living-off-the-land" activities.

Join the Best Ethical Hacking Institute in Bhilai & Raipur: Master Network Penetration Testing, Log Analysis, and Incident Response. Contact us today for a professional career in Cybersecurity!

Become a Malware Analysis Expert

As hackers switch to modern languages like Golang to build evasive tools, the industry needs experts who can deconstruct and stop these threats. Join the Best Ethical Hacking Institute in Bhilai & Raipur: Learn Malware Analysis, Reverse Engineering, and Advanced Threat Hunting. Enroll now to start your journey in Cybersecurity!


5 Comments

Pooja Choudhary (18 Feb 2025, 11:08 PM)

The BEC campaign targeting the energy sector is alarming. Good catch!

Megha Kapoor (18 Feb 2025, 09:08 PM)

Great analysis by Kian Technologies. Keeping our systems patched is indeed critical.

Amit Mehra (18 Feb 2025, 08:08 PM)

Great analysis by Kian Technologies. Keeping our systems patched is indeed critical.

Sneha Reddy (18 Feb 2025, 05:08 PM)

Practical mitigations mentioned here are very useful for small businesses.

Suresh Iyer (18 Feb 2025, 05:08 PM)

Quality post as always! Keep up the good work, Kian Technologies.