CCP Salt Typhoon Cyberattack Goes Global, US Urges Allies to Defend

“Salt Typhoon” orchestrated one of the largest-scale hacking activities in recent years, targeting major global telecommunications and internet companies to steal tens of millions of call records of senior government officials from various countries. Research shows that behind the “Salt Typhoon” is a larger Chinese Communist Party (CCP) hacker network with the goal of assisting the CCP in its potential future invasion of Taiwan. American officials believe that a potential CCP invasion of Taiwan is among the biggest threats of our time.

The US Congressional Committee urges the United States and its allies to strengthen their cybersecurity defenses and hold the CCP accountable for its escalating cyber aggressions.

Leading US tech news outlet and blog TechCrunch recently highlighted that “Salt Typhoon” primarily targets Cisco routers on the networks of major corporations, infiltrating and controlling US telecommunications companies to install surveillance equipment as required by the government for easier monitoring of calls and messages. Other CCP hacker groups have different roles: “Volt Typhoon” primarily focuses on large-scale destructive cyber attacks, while “Flax Typhoon” operates a botnet composed of hijacked internet-connected devices to conceal malicious network traffic.

The article indicates that “Salt Typhoon” is one of the most active hacker organizations in recent years, targeting top US telecommunications companies to assist the CCP in obtaining call records, messages, and phone call recordings of American officials, many of whom are key targets of interest to the CCP.

The Federal Bureau of Investigation (FBI) in the United States is concerned about hostile foreign forces like the CCP eavesdropping on American communications, and has long urged Americans to switch to end-to-end encrypted instant messaging applications. In addition, FBI officials revealed that “Salt Typhoon” also targeted at least 200 companies globally, with the list of affected countries constantly growing.

Top US telecommunications companies such as AT&T and Verizon, as well as internet service provider CenturyLink (now Lumen), confirmed being victims of attacks by “Salt Typhoon.” T-Mobile also came under attack, though it disclosed that the hackers were unsuccessful in accessing customers’ calls, messages, or voicemails.

Satellite communications giant Viasat was also breached, with hackers gaining access to law enforcement communication surveillance tools. Internet and data provider Charter Communications (Spectrum) and Windstream were not spared either. Fiber network giant Consolidated Communications reportedly also fell victim to the attacks.

The targets of “Salt Typhoon” hackers are not limited to phone and internet service providers. Multiple reports indicate that “Salt Typhoon” also infiltrated the network of a state National Guard in the US, stealing data and accessing networks of other states and territories in the US.

The Canadian government confirmed that several major telecommunications companies in Canada were targeted by “Salt Typhoon” hackers. Canada also confirmed that multiple Cisco routers of a telecommunications giant were attacked, resulting in data theft. The Canadian government warned that the targets of “Salt Typhoon” attacks are not limited to the telecommunications industry.

Security company Recorded Future stated that researchers found “Salt Typhoon” also targeting Cisco equipment affiliated with universities in countries like Argentina and Mexico in South America. Trend Micro indicated that the most populous country in South America, Brazil, also experienced “Salt Typhoon” attack activities.

Researchers at Recorded Future discovered that “Salt Typhoon” targeted at least one telecommunications operator in Myanmar and one in South Africa through infiltrating Cisco routers. Routers at universities in Bangladesh, Indonesia, Malaysia, and Thailand were also attacked. Japan also reported warnings of “Salt Typhoon” network threats.

The governments of Australia and New Zealand confirmed that their telecommunications and critical infrastructure sectors both experienced incursions by “Salt Typhoon.” The New Zealand government found that government departments, as well as networks of transportation, accommodation, and military infrastructure, were targeted by “Salt Typhoon” hackers.

Trend Micro also discovered that institutions in countries like Afghanistan, Eswatini, India, Taiwan, and the Philippines had at least 20 systems infiltrated, spanning telecommunications, consulting, chemical manufacturing, and transportation, as well as government agencies and non-profit organizations.

The UK government confirmed a series of network attack activities related to “Salt Typhoon” within the UK. While specific activities have not been disclosed, news reports suggest that the phone records of senior UK government officials may have been eavesdropped on and messages may have been intercepted. Norway also confirmed that several institutions in Norway were targeted by “Salt Typhoon.” The Dutch government stated that small internet service providers and website hosts were targeted, with routers being compromised but internal networks remaining unaffected.

Recorded Future reported an internet service provider in Italy being attacked. Additionally, cybersecurity officials in the Czech Republic stated that Finland and Poland also experienced “Salt Typhoon” related network attack incidents.

The US Congress’ Select Committee on China stressed in a recent post on X that whether it’s “Salt Typhoon” infiltrating global telecommunications networks or “Volt Typhoon” pre-deploying in critical infrastructure, the CCP’s intentions behind these cyber activities are espionage and undermining future security. The committee has documented CCP-related hacker operations, including instances of impersonating the committee chairman during high-level US-China meetings in an attempt to steal sensitive information. The United States and its allies must bolster their cybersecurity defenses and hold the CCP accountable for its continually escalating cyber aggressions.