From the Canadian Centre for Cyber Security:
The Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) are warning
Canadians of the threat posed by People’s Republic of China (PRC) state-sponsored cyber threat actor tracked in industry
reporting as Salt Typhoon. The Cyber Centre previously joined our partners in warning that PRC cyber actors have compromised
networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign. This
cyber bulletin aims to raise awareness of the threat posed by PRC cyber threat activity, particularly to Canadian
telecommunications organizations, in light of new Salt Typhoon-related compromises of entities in Canada.The threat to Canadian organizations
The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The
responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.
Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon
actors in mid-February 2025. The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three
devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network.