Dutch Intelligence Warns of Chinese-Linked APT Salt Typhoon Targeting Local Critical Infrastructure
Dutch intelligence agencies have issued a warning that Chinese cyber spies, linked to the Advanced Persistent Threat (APT) group known as Salt Typhoon, have targeted local critical infrastructure in the Netherlands. The MIVD and AIVD, the country's military and general intelligence and security services, have confirmed that parts of the US findings on the Salt Typhoon hacking campaign have been validated through their own sources.
In December 2024, President Biden's deputy national security adviser, Anne Neuberger, revealed that China-linked APT group Salt Typhoon had breached telecommunications companies in dozens of countries. The Wall Street Journal reported that at least eight U.S. telecommunications firms were compromised in the attack, highlighting the global scope and strategic risk associated with the campaign.
The Salt Typhoon hacking campaign, which has been active for 1-2 years, has targeted telecommunications providers in several dozen countries, according to a U.S. official. European agencies including Germany's BND, Finland's SUPO, the UK's NCSC, and Italy's AISE have also backed the alerts, underscoring the campaign's global scope.
According to Dutch intelligence agencies, the China-linked APT group targeted the Netherlands, focusing on smaller internet service and hosting providers. An investigation by the MIVD and AIVD revealed that the hackers had access to routers belonging to the Dutch targets, but did not penetrate any further into their internal networks.
Dutch authorities warn that advanced cyber operations of this kind challenge national cyber resilience, and that constant monitoring can reduce the risks but not eliminate them. Recently, Dutch intelligence co-issued an advisory blaming three Chinese tech firms for intrusions linked to Salt Typhoon and to other campaigns affecting multiple countries.
This week, Dutch intelligence agencies, the U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and allies warned that Chinese APT actors linked to Salt Typhoon are targeting global telecom, government, transport, lodging, and military sectors. They released a joint Cybersecurity Advisory that exposes advanced persistent threat (APT) actors sponsored by the Chinese government who target telecommunications, government, transportation, lodging, and military infrastructure networks globally, and that outlines appropriate mitigation guidance.
The malicious activity outlined in the advisory partially overlaps with cybersecurity industry reporting on Chinese state-sponsored threat actors referred to by names such as Salt Typhoon. The joint Cybersecurity Advisory (CSA), “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” published by the intelligence and cybersecurity agencies, has linked these malicious activities to multiple China-based entities, including Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd.
These Chinese tech firms provide cyber products and services to China's Ministry of State Security and People's Liberation Army. The advisory, “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” provides details on the tactics, techniques, and procedures (TTPs) associated with these nation-state actors.
As the threat landscape continues to evolve, it is essential for individuals, businesses, and governments to stay vigilant and take proactive measures to protect themselves against advanced cyber threats.