Chinese state-sponsored hackers Salt Typhoon have been caught targeting telecoms companies across Canada as part of an ongoing global espionage operation.
The Canadian Centre for Cyber Security (Cyber Centre) sounded the alarm this week. Working alongside American counterparts at the FBI, Canadian officials have identified notorious Chinese state-sponsored hacking group ‘Salt Typhoon’ as behind the operation.
Security researchers discovered Salt Typhoon had broken into three network devices belonging to a Canadian telecoms company back in February. The hackers weren’t just looking around—they actively modified configuration files to create what’s known as a GRE tunnel, essentially building themselves a hidden pipeline to siphon off network traffic.
This isn’t some isolated incident. The intrusions are part of a much broader intelligence-gathering operation that has already successfully penetrated major telecoms providers globally.
Canadian businesses caught in the crosshairs
What’s particularly worrying is that the Cyber Centre’s investigations reveal Salt Typhoon isn’t limiting itself to telecoms. The group has cast a much wider net across Canadian industries.
The playbook appears straightforward but effective: compromise one organisation’s systems, then use that foothold either to harvest sensitive data or as a launching pad to infect connected networks. In some cases, the hackers seemed content with simply mapping out network architectures—likely cataloguing vulnerabilities for future exploitation.
Security professionals at the Cyber Centre believe these incursions will continue over the next two years at least, with telecoms providers and their clients sitting in the crosshairs.
For many smaller Canadian businesses, this presents a troubling reality: they might be targeted not for their own data, but simply because they connect to more valuable targets through their service providers.
The intelligence goldmine of telecoms
It’s hardly surprising that telecom networks have become prime targets for hackers like Salt Typhoon. These vast digital ecosystems carry our most intimate conversations, track our movements, and store enormous volumes of personal and business data.
For intelligence agencies, gaining access to these networks is like striking gold. A compromised telecom can provide the ability to track individuals’ locations, listen to phone calls, and intercept text messages—all without the victim ever knowing they’re being monitored.
The technical approach isn’t particularly novel. Attackers typically exploit vulnerabilities in network equipment like routers, or find weaknesses in the systems responsible for routing and managing communications. What’s changed is the scale and persistence of these operations.
Telecom providers face an almost impossible challenge. They’re defending massive network infrastructures with countless potential entry points, against adversaries with virtually unlimited resources and patience.
Salt Typhoon: A global campaign unmasked
The Canadian revelations come after investigations last year uncovered evidence that Chinese-backed hackers had breached several major global telecoms providers, including American wireless carriers.
Perhaps most concerning for Western governments, the stolen data included not just general customer records, but also private communications from individuals working in government and political spheres.
Five years ago, such attacks were primarily focused on stealing intellectual property or financial data. Now we’re seeing much more targeted intelligence gathering aimed at specific individuals of interest.
The Cyber Centre has expressed particular concern about the ripple effects these breaches could have. When hackers compromise a telecoms provider, they potentially gain access to all the organisations served by that provider—a troubling multiplier effect that could expose vast amounts of sensitive information.
The vulnerability at the edge
According to Canada’s National Cyber Threat Assessment for 2025-2026, hackers are increasingly focusing their efforts on “edge devices” (i.e. the routers, firewalls, and VPN solutions that form the perimeter of networks.)
These devices make tempting targets because they sit at the border between internal networks and the wider internet. Compromise one of these, and attackers gain the ability to monitor, modify, or steal data flowing through them. In the worst cases, they can use them as a foothold to penetrate deeper into victims’ systems.
This is exactly the approach Salt Typhoon has employed against Canadian telecoms companies; targeting these edge devices with known vulnerabilities to establish persistent access.
What’s frustrating for security teams is that despite these tactics being well-documented in public reporting, the attacks continue. This suggests either that organisations are struggling to implement patches and security measures, or that the attackers are continually evolving their methods.
Facing the threat of sophisticated hackers like Salt Typhoon
For Canadian businesses, particularly those in telecoms, the situation demands urgent action. The Cyber Centre has urged organisations to follow guidance on hardening networks, with special attention to edge devices that might be overlooked in security planning.
Priority measures include promptly patching known vulnerabilities, implementing multi-factor authentication for administrative access, and monitoring networks for unusual traffic patterns that might indicate compromise.
Telecom providers have been advised to conduct thorough security audits and implement strong network segmentation to essentially build internal barriers that limit how far attackers can move if they do breach initial defences.
This ongoing campaign highlights how critical infrastructure has become a battlefield for international espionage, with telecoms networks representing particularly high-value targets. It’s a stark reminder that cybersecurity is more of a national security concern than ever.
(Photo by Tim Foster)
See also: Cloudflare neutralises largest DDoS onslaught in history
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
👇Follow more 👇
👉 bdphone.com
👉 ultractivation.com
👉 trainingreferral.com
👉 shaplafood.com
👉 bangladeshi.help
👉 www.forexdhaka.com
👉 uncommunication.com
👉 ultra-sim.com
👉 forexdhaka.com
👉 ultrafxfund.com
👉 bdphoneonline.com
👉 dailyadvice.us