Chinese Hackers Exploit Custom Malware to Spy on U.S. Telecom Networks

The Chinese state-sponsored hacking group Salt Typhoon has been using a custom tool called JumbledPath to covertly monitor network traffic and potentially steal sensitive data from U.S. telecom providers.

Active since at least 2019, Salt Typhoon has been linked to breaches of major telecom companies like Verizon, AT&T, and T-Mobile, reportedly intercepting private communications, including government wiretap requests.

Cisco Talos revealed that the group primarily infiltrated networks using stolen credentials, though they were also observed extracting authentication data from compromised devices and modifying network configurations to maintain persistent access.

A key part of their strategy was deploying JumbledPath, a Go-based malware designed for Linux-based network devices. It enabled packet capture while disguising the attackers' presence through intermediary systems.

The tool also included mechanisms to disable and erase logs, making it harder for forensic investigators to detect the breach.

Security experts advise telecom providers to monitor unauthorized SSH activity, track anomalies in system logs, and ensure networking devices are promptly patched.

With Chinese hacking groups increasingly targeting edge networking devices, companies must stay vigilant against both zero-day exploits and attacks leveraging stolen credentials.
