Salt Typhoon - The Chinese Telecom Hack

Brought to you by CYRIN

Cybersecurity in 2025 began with the dramatic breaking news of the Chinese telecom hack. Although what has been called the Salt Typhoon attack made headlines around the globe, the issue in fact has a complicated history and had been gaining momentum for some time.

In December 2024, federal cyber officials held a news briefing stating that Chinese hackers had launched large-scale attacks on several major United States telecom firms, including AT&T, Verizon and T-Mobile. The FBI had begun investigating the “Salt Typhoon” intrusions in late spring, so the issue had been building for some time. The breach, which exposed the cellular data of thousands (possibly millions) of Americans, was first revealed in November and was far from a small-scale attack. In addition, early reports indicate that no one really knows how long the attackers have been inside the systems or the scope of what they have been doing. According to Cybersecurity Dive, federal officials said at the media briefing in early December that the attacks were “widespread and actively evolving and that officials still don’t know the full extent of damages caused by the global espionage campaign or what remains at risk.”

Unfortunately, there are no official reports indicating how the attackers got in, whether malware was installed, or what information the hackers were seeking and for what purpose. Cybersecurity Dive reports that authorities have confirmed that the group poses a “persistent threat” and reiterated that “malicious activity is ongoing.” In terms of future risk, Jeff Greene of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted that it is not yet known whether the hackers have been completely ejected from the networks, and “we still don’t know the scope of what they’re doing.” In November the FBI and CISA issued a joint statement on the ongoing investigation into the hack orchestrated by the People’s Republic of China (PRC) and described it as “broad and significant.”

Although CISA, the FBI, the National Security Agency and cyber authorities in Australia, Canada and New Zealand are still in the information-gathering stage and, as of this writing, have not released any definitive findings, they have published hardening guidance designed to help telecom providers defend their networks as details continue to emerge.

This sophisticated hack has raised alarms as one of the largest in US history. The United States, Australia, Canada and New Zealand have attributed it to an intelligence operation conducted by “PRC-affiliated threat actors.” Salt Typhoon has also attacked government entities in Southeast Asia since August 2024. All in all, Salt Typhoon is considered “one of the most aggressive Chinese state hacker groups.”

Cybersecurity doesn’t always make the primetime nightly news, but due to the severity of the event, all the major television networks picked up the story. Homeland Security Secretary Alejandro Mayorkas acknowledged that the hack is a “very, very serious matter” and “a very sophisticated hack,” one that had no doubt been escalating for some time, with the implications for intelligence particularly alarming.

This breach hit close to home. According to their representatives, the FBI informed the presidential campaigns of Donald Trump and Kamala Harris in October that they had been targeted, as had the office of Senate Majority Leader Chuck Schumer, D-N.Y.

As reported by PBS, Chinese hackers had infiltrated at least eight communications firms in the United States and, over the last one to two years, “dozens” of telecommunications companies across Asia and Europe, and the hack was ongoing, according to Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger.

Why Does This Matter?

The eight targeted US telecommunications firms are not the only ones struggling to defend their networks. Advanced Persistent Threats (APTs) possibly linked to Salt Typhoon have compromised telecommunications firms in the Asia-Pacific (APAC) and the Middle East and North Africa (MENA) regions as well. In 2022, a Chinese APT group tracked as Daggerfly (also known as Evasive Panda) hacked systems at a telecommunications organization in Africa. Experts note that telecommunications networks are strategic targets for state actors in part because the traffic and subscriber data they carry reveal who is communicating with whom, which makes access to them a foundation for broader geopolitical goals. China’s infiltration of worldwide networks may be part of such a strategy to destabilize rivals and gather sensitive information about a country’s citizens.

Dark Reading speculates that the Salt Typhoon attacks may lead to one positive outcome: encouraging citizens and governments to use encryption more widely. It’s certainly true that telecommunications providers – private and state-owned – require more robust security. “The global attacks on telecommunications technology demonstrate that even nations with well-considered, strict privacy laws are not safe havens,” says Gregory Nojeim, senior counsel and director of the security and surveillance project at the Center for Democracy and Technology, a digital-rights group.

Next Steps

Clearly, the large scale and sophisticated Salt Typhoon attack is of critical and ongoing concern to US officials; this is further complicated by the ongoing tensions between Washington and Beijing over cyber-espionage and other high-stakes national security issues.

Federal officials continue to brief the House and Senate intelligence committees and to consult with cybersecurity teams. Cybersecurity experts from Microsoft and Google-owned Mandiant are also assisting the investigation into the hack. People probing the attacks have been impressed by the skill, persistence and ability of the Salt Typhoon hackers to embed themselves in computer networks.

CYRIN Can Help

Training, or the lack of it, has consequences. According to some estimates, organizations can reduce the cost of a breach by an average of $232,867 through cybersecurity training for their employees.

CYRIN can help on several fronts. For the education market, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.

For industry we continue to work with our partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.

A full-blown cyberattack is not something you can prepare for after it hits. The best time to plan and prepare is before the attack.

Our training platform teaches fundamental skills using actual cyber tools in CYRIN’s labs, which you can practice on 24/7, in the cloud, with no special software required. Cyber is a team effort; to see what our team can do for you, take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

Image: Ralf Liebhold
