Chinese Hackers Hid in a Canadian Telecom for Months—Unpatched

A new federal government report says that Chinese government-backed hackers—known in the cybersecurity world as Salt Typhoon—broke into the network of a Canadian telecom company earlier this year.

Chinese hackers used a known flaw in Cisco equipment (called CVE-2023-20198) to snoop around, change settings, and potentially spy on data flowing through the system, sometime before April of last year.

These attacks were carried out by a group known as “Velvet Ant,” which is suspected to have links to China’s Ministry of State Security (MSS). Cisco was notified of the vulnerability and issued a patch in April 2024.

However, the attackers managed to stay undetected within certain networks for months, even after the patch was released. The report warns that this shows how sophisticated these state-sponsored groups have become and highlights the importance of updating systems promptly to avoid long-term access by foreign actors .

This is part of a bigger spying campaign. The Canadian Centre for Cyber Security and the FBI say China’s state-sponsored hackers have already hit major telecom companies around the world. Now, they’ve turned their attention to Canada.

Why telecom? Because these companies carry all our calls, texts, and internet activity. If a government gains access to those systems, they can collect valuable info like who you’re talking to, where you are, and what you’re saying.

The telecom has not been named, and we may never know which one it was. The open access by hackers continued well before April 2024 and existed until systems were patched.

According to the report, this isn’t just about stealing tech secrets or spying on politicians. It’s also about gathering massive amounts of data on regular people. China is likely trying to collect as much as possible to feed its intelligence machine.

What’s worse? The feds say Chinese hackers might also use infected Canadian systems to launch future attacks on others.

Back in May 2022, the federal government banned China’s Huawei 5G gear in Canada, a decision that took years. Bell has since removed all Huawei gear from its 5G network. Telus still has some Huawei 4G hardware, but a software update has allowed some to work on 5G networks.

During the recent 2025 federal election, the Security and Intelligence Threats to Elections (SITE) Task Force identified a Chinese-backed “information operation” on WeChat, that was linked to the Chinese Communist Party’s Central Political and Legal Affairs Commission. This operation targeted Liberal leader (and now Prime Minister) Mark Carney with both positive and negative narratives to influence Chinese Canadian voters.