China’s Salt Typhoon Hackers Are Still Targeting Global Networks – Here’s What You Need to Know
Cybersecurity threats are evolving rapidly, and one of the most persistent hacking groups, known as Salt Typhoon, continues to infiltrate major telecommunications networks worldwide. Despite previous warnings and U.S. sanctions, this China-backed cyberespionage group is still actively targeting internet service providers, telecom companies, and universities across multiple countries.
A recent report by cybersecurity firm Recorded Future reveals that Salt Typhoon is exploiting vulnerabilities within unpatched Cisco network devices. Their primary targets include telecommunications providers in the U.S., Italy, South Africa, and Thailand, as well as universities with telecommunications research programs such as UCLA in the United States and TU Delft in the Netherlands.
According to cybersecurity expert Levi Gundert, head of Insikt Group (the research arm of Recorded Future), Salt Typhoon is actively exploiting more than 1,000 Cisco devices. The group’s methods enable them to gain unauthorized access to call logs, text messages, confidential government communications, and corporate data. Gundert warns that these attacks are turning telecom networks into “Swiss cheese” – full of security gaps that make access easier for persistent attackers.
Who Has Been Affected and Why It Matters
Salt Typhoon has been a growing concern for years. In late 2024, U.S. intelligence reported that at least eight U.S. telecom firms, including AT&T and Verizon, had fallen victim to their cyberattacks. Although both companies worked to secure their systems by December 2024, further attacks occurred between December 2024 and January 2025, proving the resilience of this hacking group.
The latest cyberattacks have affected a U.S.-based ISP and an Italian ISP, telecom providers in South Africa and Thailand, a U.S. affiliate of a UK-based telecom firm, and universities researching cybersecurity for telecommunications. Targeting academic institutions allows Salt Typhoon to access early-stage research and technological developments, creating risks for corporate competition, national security, and global geopolitical stability.
How to Protect Against These Attacks
Governments and organizations are now urgently working to strengthen cybersecurity measures. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) have advised businesses and public institutions to update their Cisco network equipment immediately. Outdated hardware remains one of the biggest weak points that hackers can exploit.
The Recorded Future report also highlights the importance of securing communications through encryption. Utilizing end-to-end encryption can help protect sensitive data and prevent unauthorized access to corporate or government conversations.
A Persistent Cyber Threat
Even after being publicly exposed, Salt Typhoon remains highly effective and adaptable. Their continued attacks demonstrate the growing sophistication of state-sponsored hacking groups that operate beyond traditional cybersecurity defenses.
Levi Gundert emphasizes that Salt Typhoon’s mission remains unchanged: infiltrate global networks and maintain long-term access. He warns that with over 12,000 Cisco network devices still exposed to potential attacks, governments and corporate leaders must take cybersecurity seriously.
This situation serves as a critical reminder that cybersecurity is more than just an IT issue; it is a major national security concern. Organizations, businesses, and individuals must remain vigilant, regularly update security systems, and implement stronger cybersecurity practices.
Salt Typhoon’s latest attacks highlight the ongoing and escalating battle for digital security. As technology continues to evolve, so do cyber threats, making it clear that proactive cybersecurity measures are essential to protecting data and communications globally.
