APT group Salt Typhoon, linked to China, has infiltrated telecommunications companies in dozens of countries, with at least eight US firms compromised, according to a senior White House official. The group has been active for one to two years and has hacked telecommunications providers in several dozen countries. The White House has said it wants to mandate minimum cybersecurity practices for telecoms. The Commerce Department’s tech security office is also preparing measures to address risks from IT and communications transactions linked to China.
Australia, Canada, New Zealand and the US have issued a guide advising on best practices to strengthen network security, following warnings about PRC-linked cyber espionage targeting telecoms. The guidelines cover scrutiny of network device configurations, advanced monitoring solutions, and restricting internet exposure of management traffic.
Regarding the breach of private communications, US experts detected that Chinese cyber espionage hackers had stolen information from people who were primarily involved in government or political activity. Experts suspect state-sponsored hackers gathered extensive internet traffic during the intrusion.
Data from AT&T, Verizon, and Lumen Technologies, the target of a Salt Typhoon breach that occurred in September, may have been accessed. T-Mobile was also recently targeted.
The Biden administration’s priority is to safeguard tech and telecom infrastructure from Chinese-linked cyber espionage operations to protect US national security.
Experts believe that security breaches like this could enable disruptive attacks during potential future conflicts.
The investigation into the breaches of US broadband providers continues, assessing their scope and whether threat actors compromised Cisco routers.
Telecoms must adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC) to reduce vulnerabilities, disrupt intrusion attempts, and strengthen network defenses.
The US government and law enforcement will continue investigating a large-scale cyber-espionage campaign by Chinese-linked threat actors targeting US telecoms; stolen data was subject to US law enforcement requests pursuant to court orders.
Security breaches such as this are part of China’s broader strategy, which puts US officials increasingly on edge about Chinese cyber efforts to infiltrate critical infrastructure.