Following the Salt Typhoon hack of multiple major U.S. telecommunications carriers, the FBI and the Cybersecurity and Infrastructure Security Agency are cautioning Android and iPhone users against sending unencrypted texts to users of the other platform, since text messages exchanged between the two are not end-to-end encrypted and can be read by anyone with access to the carrier network.
The U.S. government is raising the alarm over cyberattacks, attributed to the Chinese government, that compromised significant parts of the American telecommunications network. Sen. Mark Warner (D-VA), who chairs the Senate Intelligence Committee, has called it the “worst telecom hack in our nation’s history” and said that, by comparison, it made earlier hacks by Russian agents look like “child’s play.”
The intricate operation began as early as 2022 and was carried out by a Chinese state-linked hacking group known as Salt Typhoon. According to U.S. authorities, its goal was to compromise routers and switches operated by AT&T, Verizon, Lumen, and other carriers in order to give Chinese agents persistent access to telecommunications networks throughout the United States.
News of this attack followed reports that the FBI and the Cybersecurity and Infrastructure Security Agency were helping phone companies counter earlier network intrusions linked to China. That earlier breach was part of a wider campaign targeting Washington-area individuals in political or governmental positions, including 2024 presidential candidates.
Salt Typhoon's targets are not limited to the United States, however. According to research from the security company Trend Micro, Salt Typhoon attacks have recently compromised other critical infrastructure around the world. U.S. authorities have corroborated these findings, and the level of concern they have expressed is notable.
As with accusations over other intrusions, Chinese officials have denied responsibility for this operation.
The magnitude and severity of this assault are astounding to me as a cybersecurity researcher. However, the occurrence of such an incident is not surprising. Many organizations of all sizes continue to operate IT infrastructures that are too complex to monitor, manage, and secure properly, lack adequate resources, or ignore sound cybersecurity practices.
How bad is it?
Salt Typhoon exploited technical flaws in firewalls and other security appliances that large enterprises use to protect their networks. Once inside, the attackers relied on more conventional tradecraft and expertise to broaden their reach, collect data, stay undetected, and install malware for later use.
According to the FBI, Salt Typhoon gave Chinese officials access to a large volume of records detailing where, when, and with whom certain people were communicating. In some cases, the FBI said, Salt Typhoon also provided access to the contents of text messages and phone calls.
Salt Typhoon also compromised the backdoors, or private portals, that phone companies provide so that law enforcement can carry out court-ordered monitoring of phone numbers in the course of investigations. U.S. intelligence uses these same systems to monitor foreign targets inside the country.
Salt Typhoon's operators may therefore have been able to learn which Chinese spies and informants were being watched by U.S. counterintelligence agencies, information that could have helped those targets evade surveillance.
On December 3, the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency, together with counterpart agencies in Australia, New Zealand, and Canada, issued public guidance on responding to the Salt Typhoon attack. Their Enhanced Visibility and Hardening Guidance for Communications Infrastructure largely reiterates established cybersecurity best practices for organizations, practices that can help limit the impact of Salt Typhoon or potential copycat attacks.