The Canadian Centre for Cyber Security and the FBI have issued a warning over hacker attacks conducted by Chinese state-sponsored threat actors against telecommunication companies in Canada.
The warning focuses on attacks conducted by Salt Typhoon, the threat group known for targeting several major telecom firms in the United States and elsewhere as part of espionage operations.
In some cases, the hackers managed to steal call records and private communications belonging to valuable targets, including government employees and political figures.
The Canadian cybersecurity agency said it’s aware of recent attacks likely conducted by Salt Typhoon against telecommunication organizations in the country.
“Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025,” the Canadian Centre for Cyber Security said.
“The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network,” it added.
CVE-2023-20198 is a Cisco device vulnerability that has also been exploited by Salt Typhoon to hack into the networks of US telcos.
The Canadian agency also pointed out that separate investigations found evidence of Salt Typhoon attacks aimed at entities outside of the telecom sector.
“Targeting of Canadian devices may allow the threat actors to collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims. In some cases, we assess that the threat actors’ activities were very likely limited to network reconnaissance,” the agency said.
US communications company Viasat is the latest to confirm being targeted by Salt Typhoon. Viasat said it had detected unauthorized access through a compromised device, but found no evidence of impact to customers.
While several of Salt Typhoon’s victims in the US are known, it’s unclear which telcos have been targeted in Canada.
Related: Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
Related: China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America
Related: Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects
