Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say
A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets, according to an alert U.S. and world cybersecurity agencies published Wednesday.
The alert is an effort to give technical details to potential victims of the campaign from the People’s Republic of China-backed group commonly known as Salt Typhoon, the alleged culprit behind what has been called the most serious telecom breach in U.S. history. Those intrusions may have begun years ago and that first came to light last fall, accompanied by revelations that the hackers targeted U.S. presidential candidates.
“By exposing the tactics used by PRC state-sponsored actors and providing actionable guidance, we are helping organizations strengthen their defenses and protect the systems that underpin our national and economic security,” Madhu Gottumukkala, acting director of the Cybersecurity and Infrastructure Security Agency, said in a news release.
In comments to The Wall Street Journal and Washington Post on Wednesday, the FBI said the scope of the Salt Typhoon campaign includes hitting more than 80 countries and 200 American organizations, beyond the previous nine identified telecom company victims.
The alert also names Chinese companies identified as being part of the campaign. Its recommendations include patching known vulnerabilities that have been actively exploited and securing “edge” devices that the hackers have used to get into networks, such as routers.
Government agencies participating in the alert hailed from Australia, Canada, Czech Republic, Finland, Germany, Italy, the Netherlands, New Zealand, Poland, Spain and the United Kingdom. U.S. agencies besides the FBI and CISA that collaborated on it included the National Security Agency and the Department of Defense’s Cyber Crime Center.
“The advisory outlines how Chinese state-sponsored actors are exploiting vulnerabilities in routers used by telecommunications providers and other infrastructure operators,” according to the news release. “These actors often take steps to evade detection and maintain persistent access, particularly across telecommunications, transportation, lodging, and military networks.”
Telecommunications networks are a valuable target for hackers because they can serve as a hub into other communications. But targeting the other sectors mentioned in the alert can round out the intel profile for the attackers, said John Hultquist, chief analyst at Google Threat Intelligence Group.
“In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,” he said in a written statement. “Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.”
