Security Affairs reports:
China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices.
Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked as CVE-2023-20198 and CVE-2023-20273.
In October 2023, Cisco warned customers of the zero-day vulnerability CVE-2023-20198 (CVSS score 10), in its IOS XE Software that was actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.
Read more at Security Affairs.
