Salt Typhoon Strikes Canada: China-Linked APT Breaches Telecom, Exploits Cisco Routers for Espionage
A large-scale cyber-espionage campaign has been uncovered in Canada, reportedly orchestrated by a threat group known as Salt Typhoon, which authorities believe is linked to China. The operation was disclosed in a joint advisory issued on the evening of June 20 by Canadian officials and the FBI. According to information from official sources, the attackers infiltrated at least one unnamed national telecommunications provider as early as February this year.
During the intrusion, the hackers exploited three Cisco-manufactured routers to covertly intercept network traffic—a method that enables access to sensitive information without visibly disrupting equipment or triggering immediate detection.
However, as Canadian and U.S. cybersecurity experts note, the scope of Salt Typhoon’s cyber-espionage activities extends well beyond the telecommunications sector. Independent investigations indicate that the group’s interests encompass a far broader array of industries.
Salt Typhoon, active since at least late 2024, had previously been observed targeting major American telecom operators and internet service providers. The group has also been linked to intrusions into data center hosting companies in pursuit of intelligence-gathering objectives. Western intelligence services report that Salt Typhoon is particularly focused on collecting data concerning high-ranking U.S. government officials.
Authorities and analysts are increasingly convinced that such cyber-espionage campaigns are components of a broader strategic blueprint—one intended to prepare China for a potential military campaign against Taiwan, which Beijing may initiate by 2027. This prospect has been the subject of ongoing debate among experts and policymakers for several years, and the activities of Salt Typhoon are now seen as further evidence of preparations for such a scenario.
In their joint statement, the Canadian government and the FBI warn that infrastructure-targeted attacks are almost certain to continue over the next two years. This trend poses grave risks to both public systems and private enterprises. In response, authorities urge all organizations to bolster their cybersecurity posture and promptly report any suspicious incidents.
