Cyberattacks linked to the Chinese government are alarming the US government, affecting significant parts of the American telecommunications network.
Senator Mark Warner, the chair of the Senate Intelligence Committee, has called the cyberattack the “worst telecom hack in our nation’s history,” saying it far exceeds earlier hacks by Russian agents.
The intricate cyberattack started as early as 2022 and was executed by a group of Chinese hackers known as Salt Typhoon. According to US officials, its goal was to compromise routers and switches operated by AT&T, Verizon, Lumen, and other firms to provide Chinese agents with continuous access to telecommunications networks throughout the United States.
This attack came on the heels of reports that the FBI and the Cybersecurity and Infrastructure Security Agency were helping phone companies counter earlier network intrusions linked to China. The earlier hack was part of a larger effort that targeted Washington-area individuals in political or governmental positions, including presidential hopefuls in 2024.
However, Americans are not the only victims of Salt Typhoon. According to research from security vendor Trend Micro, Salt Typhoon attacks have recently compromised other critical infrastructure around the world. US officials have also confirmed these findings, indicating a significant concern. Chinese authorities, for their part, have denied responsibility for this operation, as they have for previous intrusions.
In the opinion of noted cybersecurity expert Richard Forno, the magnitude and scope of this attack are just astounding.
“However, the occurrence of such an incident is not surprising. Numerous businesses of all sizes continue to operate IT infrastructures that are too complicated to efficiently monitor, manage, and secure, lack adequate resources, or disregard sound cybersecurity practices,” he stated.
How awful is it?
Salt Typhoon, believed to be a China-linked threat actor that has been active since 2019, primarily targets the United States, Southeast Asia and various African countries, pursuing goals such as information theft and espionage.
Also known as FamousSparrow, GhostEmperor, Earth Estries and UNC2286, the group was first observed in 2024 and is believed to have infiltrated Internet Service Providers (ISPs) in the United States to obtain data related to law enforcement activities.
Salt Typhoon exploited technical weaknesses in firewalls and other security devices that protect large businesses. Once inside the network, the attackers used more traditional methods and tradecraft to broaden their reach, collect data, remain undetected, and install malware for later use.
The FBI reports that the Salt Typhoon operation granted Chinese officials access to a substantial number of documents detailing the timing, locations, and individuals involved in specific communications. In some cases, Salt Typhoon also allowed access to the contents of text messages and phone calls.
According to the White House, Salt Typhoon also compromised the backdoors, or private portals, that phone companies provide so that law enforcement can request court-ordered monitoring of phone numbers in response to investigations. The American intelligence apparatus uses this same portal to monitor foreign targets within the country.
Therefore, it is possible that the Salt Typhoon attackers were able to identify the Chinese spies and informants under surveillance by counterintelligence organisations. This information could have helped those targets evade surveillance.
Together with their counterparts in Australia, New Zealand, and Canada, the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency issued public guidance on December 3 on how to respond to the Salt Typhoon attack. In their Enhanced Visibility and Hardening Guidance for Communications Infrastructure, they restate the cybersecurity best practices that could help businesses lessen the effects of Salt Typhoon or possible copycat attacks.
The guide does, however, also offer device-specific hardening recommendations for a few of the Cisco products that were targeted in this attack.
Even though the attack has been going on for months, US officials and the impacted organisations have not yet been able to completely determine the attack’s breadth, depth, and severity or expel the attackers from compromised networks.
In November 2024, CNN reported that the FBI had informed one of President-elect Donald Trump’s lead attorneys that his cellphone had been tapped by Chinese hackers as part of a wide-ranging, months-long operation targeting top Republicans and Democrats.
The FBI informed the attorney, Todd Blanche, that the hackers had obtained some voice recordings and text messages from his phone, but that none of the information related to Donald Trump. The FBI provided Blanche, who has had to start using a different number since the breach, with details of what the hackers obtained, including communications with family.
Blanche was the second of two Trump attorneys believed to be targeted by foreign hackers. In August 2024, attorney Lindsey Halligan was allegedly targeted as part of a separate Iranian hacking effort.
Chinese hackers have also targeted other top figures in Donald Trump’s orbit, including Trump himself and the vice president-elect, Senator JD Vance. Other targets included Trump’s son-in-law Jared Kushner and son Eric Trump, members of the Harris-Walz campaign and members of the Biden administration.
Washington launched a probe into the hacking campaign, which was carried out via intrusions at US telecom firms AT&T, Lumen and Verizon, and considers it to be among the most concerning national security-related hacks in recent memory.
The Chinese spies have forced US government employees to take unusual security precautions. The Consumer Financial Protection Bureau, for example, has directed its employees to only use Microsoft Teams and Cisco WebEx to conduct work-related business involving non-public information.
What are the options?
According to American officials, pre-existing flaws in the infrastructure were a major factor in Salt Typhoon’s ability to reach its targets. Failure to follow basic cybersecurity best practices can lead to crippling incidents for enterprises of all sizes. Given how reliant the world is on networked information systems, particularly for vital infrastructure like the phone network, maintaining cybersecurity measures that make attacks harder to carry out is more crucial than ever.
The Cybersecurity and Infrastructure Security Agency released its best practices guidelines earlier this week, and organisations should remain vigilant and follow them. To stay updated on the tactics and strategies employed by attackers and learn how to counter them, organisations should monitor not only the news but also various free, proprietary, or private threat intelligence feeds and unofficial professional networks.
To meet their needs and guarantee the implementation of best practices, businesses and governments need to ensure that their cybersecurity programmes and IT departments have enough personnel and funding. Companies that don’t strengthen their defences against Chinese hacking risk fines from the Federal Communications Commission.
Salt Typhoon is probably not a major problem for the average American, yet illegal surveillance is worrisome. The Chinese government probably doesn’t care about your family calls or text messages to friends. However, end-to-end encrypted chat services like Signal, FaceTime, or Messages are a viable option if one wants to slightly improve security and privacy.
Also check that the passwords on your devices, including your home router, are not defaults or easy to guess, and consider enabling two-factor authentication to further protect any important online accounts.
Bad dudes and backdoors
It’s important to acknowledge that Salt Typhoon has confirmed the long-standing warnings from the internet security community. Efforts to impose secret or proprietary access to technology are likely to be unsuccessful, and no such access will go unnoticed or be used solely by “the good guys.”
The government has spent decades trying to weaken encryption capabilities so that only “the good guys” can use them, so it’s a little ironic that one of the countermeasures it recommends to prevent Salt Typhoon spying is to use highly encrypted services for text messages and phone calls.