The Canadian Centre for Cyber Security (Cyber Centre), in partnership with the United States Federal Bureau of Investigation (FBI), has issued a joint warning regarding ongoing cyberattacks targeting Canadian telecommunications companies. These attacks have been attributed to state-sponsored threat actors from the People’s Republic of China (PRC), specifically a group tracked as “Salt Typhoon” in industry reporting.
Details of the Threat
The cyberattacks involve the compromise of network devices within Canadian telecommunications infrastructure. In a notable incident in February 2025, three network devices registered to a Canadian telecom provider were breached. The attackers exploited a known vulnerability (CVE-2023-20198) in Cisco IOS XE devices to extract configuration files and, in at least one case, established a GRE (Generic Routing Encapsulation) tunnel. This allowed covert exfiltration of network traffic, suggesting a focus on espionage and data collection from within the provider’s infrastructure.
While the primary target has been telecommunications companies, the advisory warns that the campaign’s reach is broader, potentially affecting other sectors and client organizations connected to telecom providers. The attackers are believed to be conducting network reconnaissance and data exfiltration, and may use compromised systems as footholds for further intrusions.
Telecommunications networks are, of course, high-value targets for state-sponsored actors due to the sensitive data they carry, including communications, location, and device information. The attackers’ goals include collecting intelligence on government officials and other high-value targets, intercepting communications, and potentially enabling further compromises through trusted service providers.
Attribution and Ongoing Risk
The Cyber Centre and FBI state with high confidence that these attacks are conducted by PRC state-sponsored actors, specifically Salt Typhoon. This group has a documented history of targeting telecom infrastructure globally for espionage purposes. The advisory assesses that PRC cyber actors will “almost certainly” continue targeting Canadian organizations, especially telecom providers and their clients, over the next two years. The threat is ongoing, and the actors are expected to persist despite public exposure of their tactics.
Recommendations and Response
Canadian organizations, particularly those in telecommunications and critical infrastructure, are urged to harden their networks, secure edge devices (such as routers and firewalls), and consult available guidance on mitigating these threats.
The warning is part of a broader pattern of PRC state-sponsored cyber activity targeting critical infrastructure in North America, with similar campaigns observed in the United States. The FBI has highlighted the “broad and unrelenting” nature of the Chinese government’s cyber operations against sectors vital to national security and economic stability.
