Talos: No Cisco Zero Days Used in Salt Typhoon Telecom Hacks

Chinese nation-state hackers, known as Salt Typhoon, infiltrated U.S. telecoms using stolen credentials and a custom utility, JumbledPath, to capture sensitive data. While Cisco Talos found evidence suggesting exploitation of CVE-2018-0171, other reports claim use of more recent Cisco vulnerabilities. Talos advises telecoms to secure network infrastructure and patch against CVE-2018-0171.