
The Canadian Centre for Cyber Security and the US Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.
The attackers exploited a critical Cisco IOS XE software flaw (CVE-2023-20198, CVSS score: 10.0) to access configuration files from three network devices registered to a Canadian telecommunications company in mid-February 2025.
The threat actors are also said to have modified at least one of the files to configure a Generic Routing Encapsulation (GRE) tunnel, enabling traffic collection from the network. The name of the targeted company was not revealed.
Stating that the targeting likely extends beyond the telecommunications sector, the agencies said that the targeting of Canadian devices may allow the threat actors to collect information from the compromised networks and use it as leverage to breach additional devices.
“In some cases, we assess that the threat actors' activities were limited to network reconnaissance,” according to the alert.
The agencies further stated that edge network devices remain an attractive target for Chinese state-sponsored threat actors looking to gain and maintain persistent access to telecom service providers.
The findings dovetail with an earlier report from Recorded Future that detailed the exploitation of CVE-2023-20198 and CVE-2023-20273 to infiltrate telecommunications and internet firms in the US, South Africa and Italy, and the use of those footholds to set up GRE tunnels for long-term access and data exfiltration.
UK NCSC warns of SHOE RACK and UMBRELLA STAND malware targeting Fortinet devices
The development comes as the UK National Cyber Security Centre (NCSC) detailed two separate malware families, dubbed SHOE RACK and UMBRELLA STAND, that target FortiGate 100D series firewalls made by Fortinet.
While SHOE RACK is a post-exploitation tool for remote shell access and TCP tunneling through a compromised device, UMBRELLA STAND is designed to run shell commands issued from an attacker-controlled server.
Interestingly, SHOE RACK is partly based on a publicly available tool named Reverse_Shell, which, coincidentally, has also been repurposed by a China-nexus threat cluster called PurpleHaze to build a Windows implant codenamed GoReShell. It is not currently clear whether these activities are related.
The NCSC said it identified some similarities between UMBRELLA STAND and COATHANGER, a backdoor that was previously deployed by Chinese state-backed hackers in a cyber attack targeting a Dutch armed forces network.