FlagThis

A massive cyberattack, dubbed Salt Typhoon by Microsoft, has compromised major US telecommunications providers, including AT&T and Verizon, and networks in dozens of other countries. The two-year-long campaign, attributed to a Chinese threat actor, is considered one of the most significant intelligence compromises in US history. The White House has confirmed that these Chinese-sponsored hacks have been ongoing for years, and U.S. officials are urging Americans to utilize encrypted messaging apps to protect their communications from further exploitation. This unprecedented attack highlights significant vulnerabilities within the telecommunications sector.

The Salt Typhoon hack targeted both political officials and everyday Americans, potentially granting access to a broad range of communications. While the full extent of the damage remains under investigation, officials acknowledge that the threat actors may still maintain access to US telecom networks. To mitigate the risk, the administration is working with telecom CEOs and cybersecurity experts to improve security measures and emphasize the importance of robust cybersecurity practices. The ongoing investigation underscores the urgent need for enhanced security protocols across the industry.

ImgSrc: cyberscoop.com

References:

• @bleepingcomputer.com - CISA released guidance to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group. - 22d
• Malware Analysis, News and Indicators - The U.S. has been investigating the Salt Typhoon hackers since late spring and early summer this year, a senior FBI official said. - 22d
• Threats - US government statement on the continued presence of Salt Typhoon in telecom networks. - 22d
• Over Security - FBI and CISA statement on the ongoing Chinese hacking campaign in US telecom systems. - 22d
• @patrickcmiller - Joint advisory from cybersecurity agencies warning about PRC-linked cyber espionage targeting telecom networks. - 21d
• Over Security - The Record article on the Chinese cyberattack targeting telecom networks. - 21d
• @patrickcmiller - Infosec.exchange post about the CISA guidance on PRC threat actor compromising networks. - 21d
• Threats - Cyberscoop article about White House confirming that Chinese Telecom hacks have been in motion for years. - 20d
• Metacurity - Senators press DoD on Salt Typhoon, Cops KO massive Russian money-laundering networks, Scattered Spider suspect breached two telcos, Russian programmer hit by spyware, Turla hacks other hackers, BT sh - 20d
• Malware Analysis, News and Indicators - Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications s - 20d
• DataBreaches.Net - Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications s - 19d
• Security Affairs - Security Affairs article on China-linked APT Salt Typhoon breaching telcos. - 19d
• Techmeme - Techmeme summarizes the Reuters report on the Chinese cyber espionage campaign. - 18d
• www.techmeme.com - Techmeme article discussing the alleged hacking of US political figures by China-linked hackers. - 18d

Classification:

• HashTags: SaltTyphoon CyberEspionage TelecomSecurity
• Company: Various Telecoms
• Target: Telecommunication Companies
• Attacker: Salt Typhoon
• Product: Various Telecoms Networks
• Feature: network compromise
• Type: Hack
• Severity: Major