Salt Typhoon Breach: Compromise of FBI and CALEA-Compliant Interception Systems

State-sponsored actor Salt Typhoon (linked to China's MSS) compromised US telecommunications providers and FBI surveillance networks by exploiting unpatched edge networking devices, including Cisco routers. Adversaries leveraged lateral movement from provider edge (PE) and customer edge (CE) routers to access CALEA-compliant interception gateways. This allowed unauthorized exfiltration of court-authorized wiretap returns, pen register data, and trap-and-trace metadata for over one million users. The breach exposed sensitive PII and operational security (OPSEC) for FBI investigative targets and undercover assets. Persistence was maintained via the Demodex kernel rootkit and SparrowDoor backdoors, with C2 traffic routed through LightNode VPS.

FBI Kinetic Cyber Range KCR

The FBI has deployed a "Kinetic Cyber Range" (KCR), a high-fidelity physical replica of a small-town ecosystem, to simulate cyber-physical attacks against critical infrastructure. Unlike traditional virtual sandboxes, the KCR uses hardware-in-the-loop simulations involving ICS/SCADA systems for water and power, medical IoT devices, and EHR platforms. The range lets researchers and responders model cascaded failure events, in which a single network compromise propagates through municipal DNS and ISP infrastructure to trigger physical equipment damage and life-safety disruptions. This environment is critical for quantifying kinetic impact and improving inter-agency recovery orchestration during ransomware-induced service outages.
