News: 0178153543

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Canadian Telecom Hacked By Suspected China State Group (arstechnica.com)

(Monday June 23, 2025 @05:22PM (msmash) from the security-woes dept.)


Hackers suspected of working on behalf of the Chinese government [1]exploited a maximum-severity vulnerability , which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday. ArsTechnica:

> "The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies," officials for the center, the Canadian government's primary cyber security agency, said in a statement. "The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon." The FBI issued its own nearly identical statement.

>

> Salt Typhoon is the name researchers and government officials use to track one of several discreet groups known to hack nations all over the world on behalf of the People's Republic of China. In October 2023, researchers disclosed that hackers had backdoored more than 10,000 Cisco devices by exploiting CVE-2023-20198, a vulnerability with a maximum severity rating of 10. Any switch, router, or wireless LAN controller running Cisco's iOS XE that had the HTTP or HTTPS server feature enabled and exposed to the Internet was vulnerable. Cisco released a security patch about a week after security firm VulnCheck published its report.



[1] https://arstechnica.com/security/2025/06/suspected-china-state-hackers-exploited-patched-flaw-to-breach-canadian-telecom/


"an unnamed telephone company" (Score:2)

by innocent_white_lamb ( 151825 )

"an unnamed telephone company"

Well, that's helpful.

Since this hack is the result of negligence on the part of this unnamed company (as the patch was provided by the vendor months before), it would be useful to know who it is for the purpose of knowing who not to trust with your business.

Not that there's likely to be much accountability in any case since folks living in any particular area won't have many competing service providers to choose from, but not providing the name removes even the chance of a cust

Telecoms not interested in security (Score:2)

by N7DR ( 536428 )

About twenty years ago, I was privileged to be one of the authors of a security specification written at the behest of cable-based telecom companies that described the detailed design of a system for securing phone conversations that were carried over their networks. [1]https://www.cablelabs.com/spec... [cablelabs.com]. The design specifically started with the assumption that the network was penetrated, and was designed to ensure that the attacker could neither disrupt service nor learn anything useful about the traffic (for

[1] https://www.cablelabs.com/specifications/PKT-SP-SEC1.5

"Reintegration complete," ZORAC advised. "We're back in the
universe again..." An unusually long pause followed, "...but I don't
know which part. We seem to have changed our position in space." A
spherical display in the middle of the floor illuminated to show the
starfield surrounding the ship.
"Several large, artificial constructions are approaching us,"
ZORAC announced after a short pause. "The designs are not familiar, but
they are obviously the products of intelligence. Implications: we have
been intercepted deliberately by a means unknown, for a purpose unknown,
and transferred to a place unknown by a form of intelligence unknown.
Apart from the unknowns, everything is obvious."
-- James P. Hogan, "Giants Star"