Salt Typhoon Hackers Targeted Over 80 Countries, FBI Says
A shocking revelation has emerged from the US Federal Bureau of Investigation (FBI) regarding a massive cyberattack that has left the global telecommunications sector reeling. According to an FBI advisory released on Wednesday, Chinese hackers known as Salt Typhoon have targeted some 80 nations in a sweeping hack of global telecom systems discovered last year.
The cyberattack appears to have reached into other organizations beyond the telecom industry, including transportation and military infrastructure networks. This marks a confirmed expansion of the campaign that initially appeared to be focused on standard communications networks. The FBI's Cybersecurity Division Director, Brett Leatherman, revealed in media interviews that at least 600 organizations were notified by the agency that the hackers had interest in their systems.
The Salt Typhoon group was previously known to have breached major telecom carriers in a global, multi-year espionage operation that targeted the phone conversations of key American officials, including President Donald Trump and Vice President JD Vance. Additional discoveries about its scope and scale have trickled out over the past year, shedding light on the hackers' far-reaching ambitions.
The FBI advisory provides detailed guidance to help known or potential victims of the Salt Typhoon hackers, warning them of the risks associated with their activities. The document lists Canada, the United Kingdom, Germany, Japan, and other allied nations' cyberintelligence directorates as co-signers, underscoring the global nature of this threat.
"It's great to finally see such a useful, actionable hunt guide released on this threat," said Marc Rogers, a seasoned telecommunications cybersecurity expert. "This document should start to level the playing-field for networks that have been struggling to evict these threat actors for a year or more." The advisory is among the most lengthy guidance to date designed to help victims of the hackers.
According to Leatherman, the intrusions have been happening since at least 2019, allowing the Chinese cyberspies to quietly burrow across telecom operators' internet infrastructure and collect intelligence about prime targets. Some of the vulnerabilities exploited by Salt Typhoon go back to 2018, Nextgov/FCW previously reported. Security patches were issued, but many telecom companies never implemented them.
Between January and March of last year, Salt Typhoon also "exfiltrated configuration files associated with other U.S. government and critical infrastructure entities, including at least two U.S. state government agencies," according to a declassified DHS memo released in July that revealed a state's National Guard systems were compromised by the hackers.
Furthermore, Salt Typhoon breached several U.S. telecom providers' "lawful intercept" systems that house wiretap requests used to surveil suspected criminals and spies. Telecom providers are required to engineer their networks for these legal access requests under the 1994 Communications Assistance for Law Enforcement Act. Many other nations have similar laws.
The FBI advisory serves as a stark reminder of the ever-evolving threat landscape in the world of cybersecurity. As experts warn, it is essential for organizations and governments worldwide to take proactive measures to protect themselves against such sophisticated attacks. The fight against cyber threats requires constant vigilance and cooperation between nations to prevent the spread of malicious activity.