Salt Typhoon Breach: Compromise of FBI and CALEA-Compliant Interception Systems

State-sponsored actor Salt Typhoon (linked to China's MSS) compromised US telecommunications providers and FBI surveillance networks by exploiting unpatched edge networking devices, including Cisco routers. Adversaries leveraged lateral movement from provider edge (PE) and customer edge (CE) routers to access CALEA-compliant interception gateways. This allowed unauthorized exfiltration of court-authorized wiretap returns, pen register data, and trap-and-trace metadata for over one million users. The breach exposed sensitive PII and operational security (OPSEC) for FBI investigative targets and undercover assets. Persistence was maintained via the Demodex kernel rootkit and SparrowDoor backdoors, with C2 traffic routed through LightNode VPS.
