Salt Typhoon - The Chinese Telecom Hack

Uploaded on 2025-01-20 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

Brought to you by CYRIN

Cybersecurity 2025 began with the dramatic breaking news of the Chinese Telecom Hack. Although what has been called the Salt Typhoon attack made headlines around the globe, the issue in fact has a complicated history that has been gaining momentum for some time.

In December 2024, Federal cyber officials held a news briefing stating that Chinese hackers had launched large-scale attacks on several major United States telecom firms including AT&T, Verizon and T-Mobile. The FBI began investigating the “Salt Typhoon” attack in late spring, so the issue had been building for some time. The breach of the cellular data of thousands (possibly millions) of Americans was first revealed in November and was far from a small scale attack. In addition, early reports indicate that no one really knows how long the attackers have been in the systems and the scope of what they have been doing. According to Cybersecurity Dive, Federal officials said at the media briefing in early December that the attacks were “widespread and actively evolving and that officials still don’t know the full extent of damages caused by the global espionage campaign or what remains at risk.”

Unfortunately, there are no official reports indicating how or if the attacks were successful or in what way; if malware was installed; or what information the hackers were seeking and for what purpose. Cybersecurity Dive reports that authorities have confirmed that the group poses a “persistent threat,” and speculated again that “malicious activity is ongoing.” In terms of future risk, Jeff Greene from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted that it’s not yet known if the hackers have been completely ejected from the networks, and “we still don’t know the scope of what they’re doing.” In November the FBI and CISA issued a joint statement into the ongoing investigation into the hack orchestrated by the People’s Republic of China (PRC) hack and revealed that it was “broad and significant.”

Although CISA, the FBI, the National Security Agency and cyber authorities in Australia, Canada and New Zealand are still in the information gathering stage, and as of this writing have not released any official or definitive information, there has been hardening guidance designed to help telecom providers moving forward as details reveal themselves.

This sophisticated hack has raised the alarm as one of the largest in US history. In addition, the United States, Australia, Canada and New Zealand claim it is part of an intelligence operation conducted by “PRC affiliated threat actors.” Salt Typhoon has also attacked state entities in Southeast Asia since August of 2024. All in all, Salt Typhoon is considered “one of the most aggressive Chinese state hacker groups.”

Cybersecurity doesn’t always make the primetime nightly news, but due to the severity of the event, all the major television networks picked up the story. Homeland Security Secretary Alejandro Mayorkas admitted that the hack is a “very, very serious matter,” and “a very sophisticated hack” that was no doubt escalating for some time, with implications for intelligence being particularly alarming.

This breach targeted close to home. According to their representatives the FBI informed the presidential campaigns of Donald Trump and Kamala Harris in October that they were targeted as well as the office of Senate Majority Leader Chuck Schumer, D-N.Y.

As reported by PBS, Chinese hackers had infiltrated at least eight communications firms in the United States and over the last one to two years - quote - "dozens" of telecommunications companies across Asia and Europe, and the hack was ongoing, according to Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger.

Why Does This Matter?

The eight targeted US telecommunications firms are not the only ones struggling to defend their networks. Advanced Persistent Threats (APTs) possibly linked to Salt Typhoon have compromised telecommunications firms in the Asia-Pacific (APAC) and the Middle East and North Africa (MENA) regions as well. In 2022, a Chinese APT group called Daggerfly and Evasive Panda hacked systems at a telecommunications organization in Africa. Experts speculate that telecommunications networks are strategic targets for malicious actors, in part, as they can kickstart a geopolitical strategy. China’s infiltration of worldwide networks may be part of such a strategy to destabilize and gather sensitive information about a country’s citizens.

Dark Reading speculates that the Salt Typhoon attacks may lead to one positive outcome: encouraging citizens and governments to use encryption more widely. It’s certainly true that telecommunications providers – private and state-owned – require more robust security. “The global attacks on telecommunications technology demonstrate that even nations with well-considered, strict privacy laws are not safe havens,” says Gregory Nojeim, senior counsel and director of the security and surveillance project at the Center for Democracy and Technology, a digital-rights group.

Next Steps

Clearly, the large scale and sophisticated Salt Typhoon attack is of critical and ongoing concern to US officials; this is further complicated by the ongoing tensions between Washington and Beijing over cyber-espionage and other high-stakes national security issues.

The United States continues to be in conversation with House and Senate intelligence committees, and cybersecurity teams. Cybersecurity experts from Microsoft and Google-owned firm Mandiant are also assisting the investigation into the hack. People probing the attacks have been impressed by the skill, persistence and ability of Salt Typhoon hackers to embed in computer networks.

CYRIN Can Help

Training or lack of has consequences. According to some estimates, organizations can significantly reduce the cost of a breach by an average of $232,867 through cybersecurity training for their employees.

CYRIN can help on several fronts. For the education market, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.

For industry we continue to work with our partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.

A full-blown cyberattack is not something you can prepare for after it hits. The best time to plan and prepare is before the attack.

Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!

Image: Ralf Liebhold

Watch CYRIN: The Next-Generation Cyber Range

Learn More About How CYRIN Online Training Can Benefit You

You Might Also Read:

Is Zero Trust The Future Of Cybersecurity?:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.