FBI and Allies Warn of Ongoing Salt Typhoon Cyber Campaign Targeting 200 US Companies in 80 Countries

The U.S. Federal Bureau of Investigation, along with other law enforcement agencies and international partners, is sounding the alarm on an alleged Chinese government-backed cyber campaign known as "Salt Typhoon" that has targeted over 200 U.S. companies across 80 countries.

The FBI, NSA, CISA, and DOD's Cyber Crime Center, joined by counterparts in the UK, Canada, Australia, Germany, Italy, and Japan, are warning of a state-sponsored espionage operation that represents one of the most pervasive attacks discovered to date. The joint advisory outlines the tactics, techniques, and procedures (TTPs) used by the group and stresses that its focus on network infrastructure, such as routers, virtual private networks, and other edge devices, allows intrusions to bypass conventional endpoint defenses.

Salt Typhoon is not a new player in the world of cyber threats. The group has already caused significant damage in the past, including a large-scale cyberattack campaign against U.S. telecommunications companies in 2024 that exposed sensitive information affecting over a million users, including senior political figures. More recently, Salt Typhoon was found to have infiltrated a U.S. National Guard network for months, quietly extracting credentials, diagrams, and sensitive configuration data from dozens of organizations.

In the latest update, the U.S. and its allies name three Chinese companies that are allegedly involved with Salt Typhoon: Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruijie Network Technology Co. Ltd. These companies are alleged to have provided cyber products and services to China's Ministry of State Security and the People's Liberation Army to facilitate the Salt Typhoon attacks.

Organizations in sectors including telecommunications, defense, transportation, and hospitality are being asked to assume that compromise may have already occurred and take immediate steps to harden their defenses. Recommended actions include rapid patching of known vulnerabilities, adopting zero-trust architectures, conducting proactive threat hunting, and leveraging the indicators of compromise published in the joint advisory.

Salt Typhoon, also known as Earth Estrie and Ghost Emperor, has been active since at least 2019. The group maintains long-term persistence by compromising network-level devices before collecting intelligence at scale. "Beijing's indiscriminate targeting of private communications demands our stronger collaboration with our partners to identify and counter this activity at the earliest stages," said Brett Leatherman, assistant director of the FBI's Cyber Division.

"If you believe you are a victim of Salt Typhoon — or any other malicious cyber activity — I encourage you to contact your local FBI field office," Leatherman added. The message from John Furrier, co-founder of SiliconANGLE, is clear: "Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE's Alumni Trust Network, where technology leaders connect, share intelligence, and create opportunities."

The future of cybersecurity hangs in the balance as the threat landscape continues to evolve. Will you be prepared for the next wave of cyber attacks? Stay informed, stay vigilant, and protect your organization from falling victim to Salt Typhoon and other malicious actors.