Salt Typhoon breached a Canadian telecom.

Summary

By the CyberWire staff

At a glance.

Salt Typhoon breached a Canadian telecom.
Steel giant Nucor says data was stolen during last month's attack.
APT28 distributes new malware via Signal phishing attacks.

Salt Typhoon breached a Canadian telecom.

The Canadian Centre for Cyber Security and the US FBI have released a bulletin warning that the Chinese state-sponsored threat actor Salt Typhoon is targeting Canadian telecoms, breaching at least one entity earlier this year. The bulletin states, "Three network devices registered to a Canadian telecommunications company were compromised by likely Salt Typhoon actors in mid-February 2025. The actors exploited CVE-2023-20198 to retrieve the running configuration files from all three devices and modified at least one of the files to configure a GRE tunnel, enabling traffic collection from the network."

The bulletin adds, "[W]e assess that PRC cyber actors will almost certainly continue to target Canadian organizations as part of this espionage campaign, including telecommunications service providers and their clients, over the next two years."

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Steel giant Nucor says data was stolen during last month's attack.

US steel giant Nucor has disclosed that hackers stole "limited data" from the company's IT systems during a cyberattack last month, SecurityWeek reports. The company says it's "reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law." The company added that the incident is not expected to have a material impact on its financial condition.

The company hasn't shared details on the nature of the attack, though SecurityWeek notes that the response suggests ransomware may have been involved.

Workload security and next-generation firewall resources.

As application and service environments become more complex, traditional security practices based on static rules can struggle to adapt. Security and DevSecOps teams need zero-trust security solutions to mitigate issues that arise from running intricate workloads.

AWS uniquely integrates with Palo Alto Networks’ VM Series Next-Generation Firewall (NGFW) and App ID functionality for a scalable and centralized zero-trust security layer. Read an in-depth article for a technical overview on implementing them today. Read the article here.

APT28 distributes new malware via Signal phishing attacks.

Russia's APT28 is targeting Ukrainian government entities via phishing attacks on Signal, BleepingComputer reports. The attacks distribute malicious documents that install two newly observed strains of malware dubbed "BeardShell" and "SlimAgent." BeardShell is designed to download PowerShell scripts, while SlimAgent captures screenshots of infected computers.

BleepingComputer notes that the attacks don't involve any vulnerabilities in Signal, but "threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its increased usage by governments worldwide."

Notes.

Today's issue includes events affecting Canada, China, Russia, Ukraine, and the United States.

Attacks, Threats, and Vulnerabilities

Warnings Ratchet Up Over Iranian Cyberattacks (GovInfoSecurity) Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks

Marketplace

Tanium Appoints Tara Ryan as Chief Marketing Officer to Lead Growth and Brand Strategy for Autonomous Endpoint Management Innovator (BusinessWire) Tanium, a leader in Autonomous Endpoint Management (AEM), today announced the appointment of Tara Ryan as Chief Marketing Officer (CMO).

Products, Services, and Solutions

Forward Networks Recognized as Winner of the 2025 Fortress Cybersecurity Awards (Cision PR Newswire) /PRNewswire/ -- Forward Networks announced today it has been named the winner of the Leading Cybersecurity Product for Compliance award in the 2025 Fortress...

Vectra AI Announces New GenAI Solutions on AWS, Powered by Amazon Bedrock - Vectra news release (Vectra AI) Published: Jun 17, 2025. Vectra AI Announces New GenAI Solutions on AWS, Powered by Amazon Bedrock. Visit our news releases page to read more!

Litigation, Investigation, and Law Enforcement

Revil ransomware members released after time served on carding charges (BleepingComputer) Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

fwd:cloudsec North America 2025 (Denver, Colorado, USA, Jun 30 - Jul 1, 2025) fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

International Space Station Research and Development Conference (Seattle, Washington, USA, Jul 28 - 31, 2025) At ISSRDC, learn how to harness the International Space Station (ISS) and the unique conditions of space to help solve your most pressing research and development (R&D) challenges.

DEF CON 33 (Las Vegas, Nevada, USA, Aug 7 - 10, 2025) DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 06.24.25

At a glance.

Salt Typhoon breached a Canadian telecom.

Steel giant Nucor says data was stolen during last month's attack.

APT28 distributes new malware via Signal phishing attacks.

Notes.

Attacks, Threats, and Vulnerabilities

Marketplace

Products, Services, and Solutions

Litigation, Investigation, and Law Enforcement

Events