Salt Typhoon’s Go-To Vulnerability Unpatched on 91% of Exchange Servers
China’s Salt Typhoon espionage group has exploited a key vulnerability in US telecom and government networks, even though a patch has been available for almost four years now.
Tenable reported that 91% of nearly 30,000 exposed Microsoft Exchange servers remain unpatched for CVE-2021-26855, also known as ProxyLogon, prompting critics to question widespread inadequate cybersecurity practices that persist despite repeated warnings from law enforcement and security experts.
Unpatched Servers’ Salt Typhoon Attacks
Microsoft disclosed the ProxyLogon vulnerability in March 2021 and warned of China’s Salt Typhoon hacks, which at the time were exploiting it to execute remote code on Microsoft Exchange servers.
After its disclosure, Salt Typhoon hackers continued to exploit the ProxyLogon vulnerability alongside other Chinese attack campaigns. Many organizations failed to patch the issue, ignoring warnings not only from law enforcement but also from cybersecurity experts. According to the Five Eyes nations, it was among the most exploited security vulnerabilities last year.
Salt Typhoon continues to exploit unpatched, publicly exposed servers, the same targets favored by cybercriminals. By contrast, Salt Typhoon’s exploitation of the Ivanti vulnerabilities (CVE-2023-46805 and CVE-2024-21887) prompted a faster response, with 92% of vulnerable devices patched.
The Chinese cyber espionage group’s use of stealthy malware such as GhostSpider, SnappyBee, and Masol gives it persistent access to networks without being detected.
Salt Typhoon Threat Actor
Salt Typhoon is part of a larger wave of China-led cyberattacks on US government networks. Groups like Volt Typhoon target critical systems such as transportation and military networks, positioning themselves to cause disruption during destructive attacks.
“China’s overarching goal in executing an operation like Volt Typhoon is to disrupt or degrade America’s rail, port, and aviation systems, so the US cannot rapidly mobilize military forces and get military equipment, personnel, and supplies to the battlefield,” retired US Navy Rear Admiral Mark Montgomery told Congress on Wednesday.
Lawmakers warned that China has emerged as “America’s most capable and opportunistic cyber adversary” in light of the growing threat from these Chinese Salt Typhoon operations.
Cybersecurity experts highlight the strategic intent behind these attacks: China is preparing for a cyber warfare scenario by hacking into some of the most vulnerable government systems.
The ProxyLogon Salt Typhoon exploitation shows that patching is a way to prevent such attacks. Because Salt Typhoon relied on known vulnerabilities for initial access, organizations must address known risks quickly. Regular patch management and timely security updates are therefore necessary to eliminate these kinds of attacks.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.