China-Linked Hackers Trained at Cisco Academy
▼ Summary
– Cisco’s Networking Academy is a global IT training program that promotes education as an equalizer for shaping digital destinies.
– A researcher linked two individuals, Qiu Daibing and Yu Yang, from the Academy to firms associated with the Chinese state-sponsored hacking group Salt Typhoon.
– Salt Typhoon is known for sophisticated cyberespionage, including hacking network devices and exploiting Cisco vulnerabilities to spy on telecoms and US political figures.
– The researcher theorizes these individuals may have used skills from the Cisco program to later conduct offensive operations against the same company’s products.
– Cisco responded that its Networking Academy is an open, foundational skills program that has educated millions worldwide for entry-level IT jobs.
The global reach of Cisco’s Networking Academy, a foundational IT and cybersecurity training program, has inadvertently intersected with state-sponsored cyberespionage, raising complex questions about the dual-use nature of technical education. While designed to foster digital literacy and career opportunities, the skills imparted can be leveraged for purposes far beyond their original intent, as recent investigative findings suggest.
A cybersecurity researcher has identified a potential link between individuals associated with the notorious Chinese hacking group Salt Typhoon and Cisco’s own educational platform. This group, known for sophisticated attacks on network infrastructure, previously compromised telecom firms to surveil communications, including those of high-profile political figures. The investigation points to two specific names, Qiu Daibing and Yu Yang, who are listed as partial owners of firms connected to Salt Typhoon in a U.S. government advisory.
Intriguingly, university records show that students bearing those same names previously competed in the Cisco Networking Academy Cup, a contest that tests proficiency in the very curriculum taught by the academy. This correlation suggests that the foundational networking knowledge gained through Cisco’s program may have been applied in offensive cyber operations, potentially against the company’s own products. Security agencies have previously noted that this hacker group exploited vulnerabilities in Cisco devices to move undetected through networks.
The researcher described the connection as striking, noting the trajectory from a corporate-sponsored educational environment to participating in one of the most extensive publicized telecom espionage campaigns. When questioned, Cisco emphasized the academy’s role as a global “skills-to-jobs” program, open to all and focused on providing certifications for entry-level IT positions. The company highlighted its mission of education as an equalizer, having taught millions of students worldwide since its inception.
This situation underscores a broader dilemma in the tech industry: how to promote open access to essential technical knowledge while mitigating the risk that such education could be weaponized. The case illustrates that cybersecurity training is inherently neutral; its application depends entirely on the user’s intent. For corporations and governments, it reinforces the need for robust security postures that assume adversaries may be intimately familiar with the inner workings of the very technologies they aim to protect.
(Source: Wired)
