
New Salt Typhoon Attacks Target Cisco Devices


Telecommunications firms in the U.S. and other parts of the world have been persistently targeted by Chinese state-backed threat operation Salt Typhoon, also known as RedMike, in attacks exploiting the Cisco IOS XE privilege escalation bugs, tracked as CVE-2023-20198 and CVE-2023-2027, which could facilitate device takeovers, reports SC Media.

RedMike has already attempted to exploit over 1,000 vulnerable Cisco appliances worldwide, and the threat actor also sought to compromise universities in the U.S., Mexico, Argentina, Bangladesh, Indonesia, Thailand, Vietnam, and the Netherlands.

These actions indicate parallel cyberespionage and intelligence gathering efforts, an analysis from Recorded Future's Insikt Group showed.

"Despite significant media coverage and U.S. sanctions, Insikt Group expects RedMike to continue targeting telecommunications providers in the U.S. and globally due to the amount and high value of communications data that traverses these networks. This is highlighted by RedMike’s previous targeting of U.S. lawful intercept operations and the communications of significant U.S. political figures via these intrusions," said Insikt Group researchers.
