Cisco’s Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: “We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era,” reads the first line on its website.
That laudable statement, however, reads a bit differently when the “destiny” of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West—and many of Cisco's own products.
That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans’ real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others. Salt Typhoon has come to be known, in fact, for its sophisticated hacking of network devices—including those sold by Cisco, the world's biggest networking company. US government agencies have warned that the hackers exploited Cisco’s vulnerabilities to obtain user credentials and stealthily move through IT networks without planting malware on victims' machines that can be detected by typical security measures.
Now Cary believes he’s deduced where a couple of the individuals tied to Salt Typhoon's hacking spree may have learned a few of their skills. He found the names of two partial owners of contract firms linked to Salt Typhoon in a recent US government advisory about the group. Those names—Qiu Daibing and Yu Yang—also appeared in university records, showing that students with the same two names had, years earlier, placed in the Cisco Networking Academy Cup, a competition designed to test participants on the knowledge taught in Cisco's Networking Academy training program.
“It's just wild that you could go from that corporate-sponsored training environment into offense against that same company,” Cary says, describing his theory. “You have two students come out of this Cisco Networking Academy, and they go on to help conduct one of the most extensive telecom collection campaigns that's ever been made public.”
When WIRED reached out to Cisco about Cary’s findings, the company responded in a statement that the Cisco Networking Academy is “a skills-to-jobs program that teaches foundational technology skills and digital literacy, helping millions of students obtain the skills to earn basic certifications for entry-level IT jobs each year,” adding that “this program is open to everyone” and has educated more than 28 million students in 190 countries since it launched in 1997.