An Unnamed Canadian Telco Was Pwned By Chinese Hackers
The Canadian Centre for Cyber Security and the FBI in the U.S. have both put out statements saying that an unnamed Canadian telco has apparently been pwned by Chinese hackers:
The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.
Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025. The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network.
In separate investigations, the Cyber Centre has found overlaps with malicious indicators associated with Salt Typhoon, reported by our partners and through industry reporting, which suggests that this targeting is broader than just the telecommunications sector. Targeting of Canadian devices may allow the threat actors to collect information from the victim’s internal network, or use the victim’s device to enable the compromise of further victims. In some cases, we assess that the threat actors’ activities were very likely limited to network reconnaissance.
While our understanding of this activity continues to evolve, we assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years. To monitor and mitigate this threat, we encourage Canadian organizations to consult the guidance linked below on hardening networks, security considerations for edge devices, and additional cyber threat information pertaining to the PRC.
So in short, China has hacked this Canadian telco to snoop on traffic since February 2025. I assume that includes things like text messages and calls, not to mention unencrypted data. That’s not good, to say the least. Now I for one would like to know which telco got pwned. And I also would like to know what that telco, along with every other telco in Canada, is going to do to ensure that this stops here. Canadians deserve to know that their telcos are doing everything possible to keep their communications safe. So how about it Bell, Rogers, TELUS and Quebecor? Will you do your part to reassure Canadians that this stops here?
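The advisory quoted above says a running configuration was modified to add a GRE tunnel, so one defensive check is to audit exported configurations for GRE tunnels that nobody approved. The following is an added example, not code from the Cyber Centre, the FBI or this blog; it assumes Cisco IOS-style running-config text, and the function names, the approved-network list and the sample configuration (documentation-range addresses) are constructed for illustration.

```python
import ipaddress

# Constructed sample in Cisco IOS running-config style (documentation addresses).
SAMPLE_CONFIG = """\
interface Tunnel10
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.10
!
interface Tunnel77
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.45
 tunnel mode gre ip
!
interface Tunnel20
 tunnel destination 192.0.2.20
 tunnel mode ipsec ipv4
!
"""

def find_gre_tunnels(config_text):
    """Parse interface blocks; return a dict for each Tunnel interface in a GRE mode."""
    tunnels, current = [], None
    for line in config_text.splitlines():
        words = line.split()
        if line.lower().startswith("interface ") and len(words) > 1:
            # IOS treats a Tunnel interface as GRE/IP when no 'tunnel mode' is set.
            current = {"name": words[1], "source": None, "destination": None, "mode": "gre ip"}
            if words[1].lower().startswith("tunnel"):
                tunnels.append(current)
        elif not line.startswith(" "):
            current = None  # "!" or any top-level command closes the interface block
        elif current is not None and len(words) >= 3 and words[0] == "tunnel":
            if words[1] in ("source", "destination"):
                current[words[1]] = words[2]
            elif words[1] == "mode":
                current["mode"] = " ".join(words[2:])
    return [t for t in tunnels if t["mode"].startswith("gre")]

def unapproved_gre_tunnels(config_text, approved_networks):
    """Return GRE tunnels whose destination is missing or outside the approved networks."""
    nets = [ipaddress.ip_network(n) for n in approved_networks]
    def approved(dest):
        try:
            return any(ipaddress.ip_address(dest) in n for n in nets)
        except ValueError:  # missing destination or a hostname: flag for manual review
            return False
    return [t for t in find_gre_tunnels(config_text) if not approved(t["destination"])]
```

Run against each device's exported configuration with the networks your own tunnels terminate in, for example `unapproved_gre_tunnels(config_text, ["192.0.2.0/24"])`, and review every tunnel it returns against change records.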
This entry was posted on June 24, 2025 at 3:45 pm and is filed under Commentary with tags Canada, Hacked.