Canada’s cybersecurity authority, the Canadian Centre for Cyber Security, alongside the U.S. FBI, has issued an urgent advisory following a state-backed cyberattack attributed to the Chinese-linked hacking group known as Salt Typhoon. The breach targeted three critical network devices owned by a Canadian telecommunications company—sparking international concern over national infrastructure vulnerabilities.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
Attack Details and Technical Exploitation
The intrusion was detected in mid-February 2025 when threat analysts uncovered modifications on the company’s network devices. The attackers exploited a critical Cisco IOS XE vulnerability (CVE‑2023‑20198) to access configuration files. They then established a GRE (Generic Routing Encapsulation) tunnel within the network to stealthily monitor data flow.
Canadian cyber authorities issued alerts in collaboration with the U.S. Federal Bureau of Investigation, emphasizing that the breach was a strategic cyber-espionage operation rather than a random malware infection. The advisory warns that such operations are expected to persist—particularly against telecom providers—over the next two years.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Scope, Attribution, and National Security Implications
Analysts confirm that the malicious indicators align strongly with Salt Typhoon’s previous tactics—targeting telecom infrastructure, exploiting unpatched network devices, and establishing long-term, stealthy footholds.
The Canadian Centre for Cyber Security stated: “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.” Investigators also warned that this campaign is likely broader than Canada’s telecom sector, possibly extending into other critical infrastructure areas.
Beijing has repeatedly denied any involvement, consistent with its response to previous Salt Typhoon allegations targeting U.S. and European systems.
About the Author – Anirudh Mittal is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.