Continued Threat from Salt Typhoon Despite US Sanctions
The Chinese government-linked hacking group, Salt Typhoon, is still compromising telecommunications providers despite the recent sanctions imposed by the US government on the group.
Recent Breaches
According to a report shared with TechCrunch, threat intelligence firm Recorded Future observed Salt Typhoon — also known as "RedMike" — breaching five telecommunications firms between December 2024 and January 2025.
Background
Salt Typhoon made headlines last September after it was revealed that the group had infiltrated several US phone and internet giants, including AT&T and Verizon, to gain access to the private communications of senior US government officials and political figures.
Laws and Regulation
Salt Typhoon also hacked into the systems used by law enforcement agencies for court-authorized collection of customer data, potentially accessing sensitive data such as the identities of Chinese targets of US surveillance.
Latest Victims
Recorded Future declined to name Salt Typhoon’s latest victims, but said they include a US-based affiliate of a prominent UK telecommunications provider, a US internet service provider, and telecommunications companies in Italy, South Africa, and Thailand.
Reconnaissance Activities
The hackers also performed reconnaissance — the practice of covertly discovering and collecting information about a system — on multiple infrastructure assets operated by Myanmar-based telecommunications provider, Mytel, according to Recorded Future.
Exploitation of Vulnerabilities
To carry out these attacks, Salt Typhoon exploited two vulnerabilities (tracked as CVE-2023-20198 and CVE-2023-20273) to compromise unpatched Cisco devices running Cisco IOS XE software. The hacking group has attempted to compromise more than 1,000 Cisco devices globally, focusing particularly on devices associated with telecommunications providers’ networks, Recorded Future said.
Targeting of Universities
Recorded Future said it had also observed Salt Typhoon targeting devices associated with universities, including the University of California and Utah Tech. The researchers said the hacking group "possibly targeted these universities to access research in areas related to telecommunications, engineering, and technology."
US Government Action
The US government has sanctioned companies linked to the group. In January, the US Treasury Department said it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says is directly linked to Salt Typhoon.
Ongoing Threat
Recorded Future’s researchers say that, despite this action, they expect Salt Typhoon to continue targeting telecommunications providers in the US and elsewhere.