Canada Reports China-Linked Salt Typhoon Cyberattacks Targeting Telecoms

Canadian and U.S. authorities, including the Canadian Centre for Cyber Security and the FBI, have confirmed that the China-backed hacking group Salt Typhoon has been targeting telecommunications firms in Canada, exploiting a critical Cisco router vulnerability (CVE-2023-20198) to breach networks and covertly collect traffic data. At least one unnamed Canadian telecom was compromised in mid-February 2025, with hackers gaining administrative control of three Cisco devices and configuring a GRE tunnel for espionage purposes. Salt Typhoon, active since late 2024, has primarily targeted major U.S. telecoms and data centers to gather intelligence on senior U.S. government officials, and its activities are believed to extend beyond telecommunications into multiple sectors. Despite prior warnings and the disclosure of the Cisco vulnerability in October 2023, some Canadian providers had not patched their systems, allowing Salt Typhoon ongoing access. Authorities warn that Salt Typhoon's cyber espionage efforts will likely continue targeting Canadian organizations over the next two years, as part of broader preparations for a potential Chinese invasion of Taiwan by 2027. Additional victims such as U.S. communications company Viasat have also reported unauthorized access linked to Salt Typhoon, though no customer impact has been confirmed.