A major Chinese espionage group targeted some 80 nations—and likely more than just telecommunications companies—in a sweeping hack discovered last year, U.S. investigators said Wednesday.
At least 600 organizations were notified by the FBI that the group — known as Salt Typhoon — had interest in their systems, the FBI’s cybersecurity division director Brett Leatherman said in media interviews Wednesday that dovetailed with a release of a technical advisory about the hacking activity. Nextgov/FCW previously reported that hundreds of entities — telecom providers and others — were notified of potential compromise.
Salt Typhoon breached major telecom carriers in a global, multi-year espionage operation that, in part, targeted the phone conversations of key American officials, including now-President Donald Trump and Vice President JD Vance. Additional discoveries about its scope and scale have trickled out over the past year.
The hackers are “targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging and military infrastructure networks,” the advisory says. It lists Canada, the United Kingdom, Germany, Japan and other allied nations’ cyberintelligence directorates as co-signers.
The document is among the lengthiest pieces of guidance to date designed to help known or potential victims of the hackers.
“It’s great to finally see such a useful, actionable hunt guide released on this threat. This document should start to level the playing-field for networks that have been struggling to evict these threat actors for a year or more,” said Marc Rogers, a seasoned telecommunications cybersecurity expert.
The intrusions have been happening since at least 2019, Leatherman said in a video statement, allowing the Chinese cyberspies to quietly burrow across telecom operators’ internet infrastructure and collect intelligence about prime targets.
Some of the vulnerabilities exploited by Salt Typhoon go back to 2018, Nextgov/FCW previously reported. Security patches were issued, but many telecom companies never implemented them.
Between January and March of last year, Salt Typhoon also “exfiltrated configuration files associated with other U.S. government and critical infrastructure entities, including at least two U.S. state government agencies,” according to a declassified DHS memo released in July that revealed a state’s National Guard systems were compromised by the hackers.
Salt Typhoon breached several U.S. telecom providers’ “lawful intercept” systems that house wiretap requests used to surveil suspected criminals and spies. Telecom providers are required to engineer their networks for these legal access requests under the 1994 Communications Assistance for Law Enforcement Act. Many other nations have similar laws.
The post Salt Typhoon hackers targeted over 80 countries, FBI says appeared first on Defense One.