A shadow war is raging in the digital infrastructure we rely on every day, and most people don’t even know it. A state-backed Chinese hacking group known as Salt Typhoon has been quietly targeting telecom companies around the globe. If you use the internet, mobile phone services, or satellite communications, their actions are almost certainly affecting you.
Let’s break this down in plain English.
Think of your internet provider as a digital highway. Every video call, bank transaction, or text message is a car on that road. You expect toll booths and speed traps to be run by authorities who are there to protect you. But what if someone took over the whole highway, rerouted your traffic, spied on your route, or planted hidden devices along the way?
That’s exactly what Salt Typhoon has been doing.
Since 2023, Salt Typhoon has been exploiting old vulnerabilities, especially in Cisco routers, to break into the networks of major telecom companies like Viasat, as well as critical infrastructure in the U.S. and Canada. These routers, often left unpatched for years, become easy gateways when combined with stolen admin credentials.
In 2024, Salt Typhoon infiltrated a U.S. National Guard network, remaining undetected for nine months. In that time, they exfiltrated military plans, personnel files, and troop movement data. They also hit Viasat’s satellite infrastructure, siphoning off call logs, geolocation data, and internal emails, potentially disrupting emergency and military communications in the process.
Canada became the first confirmed non-U.S. victim, as the group breached telecom networks there, again through compromised Cisco devices. They redirected traffic to steal customer information, including billing records and browsing histories.
Salt Typhoon’s methods are alarmingly effective:
Phishing emails lure employees to click on malicious links.
Fake VPN login pages mimic corporate portals to steal credentials.
Custom malware, like GhostStream, hides in plain sight to monitor or extract data.
Router log tampering helps them erase their digital footprints.
They’ve already targeted over 70 U.S. entities, spanning government, telecom, and critical infrastructure like power grids. Once inside, they spread laterally, using weak passwords and outdated software to access more systems. Even when detected, they often return, thanks to planted secondary backdoors and stolen security keys.
If you use a phone, make work calls, or access your bank online, you’re at risk. A successful breach could lead to:
Exposed private conversations
Redirected connections to fake sites
Stolen passwords or client information
This isn’t just a national security issue; it’s a personal one.
At CyberStreams, we’re committed to protecting the digital roads you travel. Here are three proactive steps you can take today:
Use Encrypted Connections: Always use a VPN to keep your data secure, even from your own internet provider.
Monitor Network Traffic: Watch for unusual behavior on your network. Our Managed Network Appliances and SOC services detect and respond to intrusions in real time.
Train Your Team on Phishing: Human error is still the #1 attack vector. Our 2-minute micro-trainings and regular cyber awareness newsletters keep your staff informed and alert.
Salt Typhoon isn’t just hacking telecoms; they’re rewriting the rules of digital warfare. They hide in the systems we trust most, stealing not just data but control. And while their targets (military networks, satellite providers, or telecom giants) may seem far away, the ripple effects hit all of us.
Staying ahead requires constant vigilance, modern tools, and informed people. You don’t need to be a cyber expert to stay safe, but you do need to act.
At CyberStreams, we’re here to help you do just that.