Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday.
“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” officials for the center, the Canadian government’s primary cybersecurity agency, said in a statement. “The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon.” The FBI issued its own nearly identical statement.