Hackers tied to the Chinese government infiltrated the networks of several U.S. broadband providers, potentially compromising systems that manage government-authorized wiretap requests. The breach, attributed to a China-linked hacking group known as “Salt Typhoon,” could have allowed access to sensitive information and communications data, according to an exclusive report by The Wall Street Journal.
The cyber intrusion reportedly affected key telecommunications players, including AT&T, Verizon, and Lumen Technologies. The breach, which is currently under investigation, is considered a significant national security threat. Salt Typhoon managed to gain access to network infrastructure that is used to cooperate with lawful wiretap requests in the U.S., according to sources familiar with the investigation. The hackers also appear to have tapped into broader internet traffic flowing through the networks of these providers, which serve millions of businesses and Americans, as well as some service providers outside of the U.S.
The intrusion was discovered only in recent weeks, which suggests the hackers may have had access for months or longer. Government investigators and private-sector security experts are still working to determine the full scope of the breach and what data was viewed or exfiltrated; the figures above should be read as preliminary.
Who Is Salt Typhoon?
Salt Typhoon is a Chinese state-sponsored hacking group active since 2020, focused on cyber-espionage and data theft, with a particular interest in network traffic. Microsoft, which is investigating the breach, notes that Salt Typhoon primarily targets entities in North America and Southeast Asia. In its August research note, Microsoft indicated that the group overlaps with activity tracked by other vendors as “GhostEmperor” and “FamousSparrow.” Because the group specializes in intelligence collection rather than disruption, the practical worry is quiet, long-term access to traffic and metadata, which fits the pattern of the ongoing security challenges posed by Chinese cyber operations.
Tapping on the wiretaps
The surveillance systems compromised in this breach are typically used to comply with U.S. authorities' requests for domestic information related to criminal and national security investigations. Telecommunications and broadband companies are legally obligated (in the U.S., under CALEA) to provision such intercepts upon a court order, which is exactly why this infrastructure is a high-value target: it is built to deliver copies of selected subscribers' traffic and call records to an authorized party, so an intruder who controls it inherits that capability and can also learn which targets are under investigation. However, the full extent of the compromised systems, and whether they also supported foreign intelligence surveillance activities, remains unclear.
Private security analysts, along with U.S. authorities, are actively probing the origins of the Salt Typhoon attack and investigating whether the hackers gained access to Cisco Systems' routers, core network components that route much of the traffic on the internet. Although Cisco is aware of the situation and is investigating the matter, there is no confirmation that its routers were involved, and no specific vulnerability or initial access vector has been publicly identified.
Larger context of Chinese cyber espionage
The discovery of Salt Typhoon's intrusion adds to the broader context of China's increased cyber operations. U.S. officials have expressed growing concerns about China's espionage tactics, which include cyberattacks on critical infrastructure, business networks, and government systems.
Recently, U.S. authorities have disrupted several other China-linked campaigns, including Flax Typhoon, whose botnet of compromised routers and other internet-connected devices was taken down in September 2024, and Volt Typhoon, which pre-positioned in U.S. critical-infrastructure networks such as water treatment facilities and power utilities, potentially to enable disruptive cyberattacks in the event of a geopolitical conflict.