Salt Typhoon hacks declared national security crisis

It is believed that the Salt Typhoon campaign has compromised critical telecommunications networks for the purpose of cyber espionage and disruption, while defence contractors may also be at risk.

“People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks,” the advisory notes.

“The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese state-sponsored and other malicious cyber activity.”

Other co-authors of the advisory include the UK’s National Cyber Security Centre, Germany’s Federal Intelligence Service and Japan’s National Cyber Office.

The Salt Typhoon group has been active since at least 2019 and has targeted at least 200 companies across 80 countries.

Notable attacks include a 2024 campaign against US telecommunications companies, which impacted AT&T, T-Mobile and Verizon.

In April, the FBI announced a $10 million bounty for any information on individuals associated with the group.

The FBI’s latest advisory is designed to help cyber security defenders to detect and prevent Salt Typhoon attacks, while also giving steps on how to respond to the threat.

“Beijing’s indiscriminate targeting of private communications demands our stronger collaboration with our partners to identify and counter this activity at the earliest stages,” said Brett Leatherman, assistant director of the FBI’s Cyber Division.

“Defending the homeland means protecting the American people and our institutions from foreign intelligence collection and cyber operations.”