Talos confirms that at least one known Cisco bug, CVE-2018-0171, was likely to have been actively exploited by Salt Typhoon. But the researchers say that the primary approach was to target legitimate existing credentials, likely through a variety of methods.

