Recent cyber activity has been detected involving the Chinese state-sponsored threat actor, Salt Typhoon, as reported by security researchers at Recorded Future. The group has expanded its target range beyond the US to include organizations in the UK, South Africa, and various other countries. By exploiting vulnerabilities in Cisco’s IOS software used in routers and switches, Salt Typhoon has managed to compromise over 12,000 devices connected to the internet, though focusing primarily on a select group of telecoms and universities.

Notable recent targets of Salt Typhoon’s attacks include US ISPs, a UK telecom subsidiary, as well as entities in South Africa, Thailand, Italy, and numerous universities worldwide. The threat actor’s aggressive activities have been ongoing between December 2024 and January 2025, underscoring the urgent need for organizations to patch their systems to prevent exploitation of known vulnerabilities. Levi Gundert of Recorded Future’s Insikt Group highlighted the persistent and active nature of Salt Typhoon’s operations, emphasizing the crucial role of cybersecurity measures in safeguarding against such threats.

In response, Cisco has confirmed that the vulnerabilities exploited by Salt Typhoon have been addressed through patches, urging users to update their systems promptly. The prevalence of unpatched vulnerabilities poses a significant risk, facilitating the efforts of cybercriminals to deploy malware and compromise vulnerable networks. As the threat landscape continues to evolve, staying informed and taking proactive security measures remain essential in mitigating potential cyber risks.