Salt Typhoon

Who is Salt Typhoon?

We are going to start the new year by covering yet another significant hack involving Chinese hackers. The China-backed hacking group has been dubbed Salt Typhoon, and we will cover what we know so far.

In early October 2024, media outlets reported that state-sponsored hackers from the People’s Republic of China (PRC) had infiltrated United States telecommunications companies, including Internet service providers. It remains unclear how long Salt Typhoon had been lurking inside telecommunication systems. The incident involves 8 to 10 major phone providers, including Verizon, AT&T, T-Mobile and Lumen Technologies. It is reported that Salt Typhoon hackers were able to eavesdrop on unencrypted communications from the phones of dozens of senior U.S. political figures, including President-elect Donald Trump and JD Vance, along with people associated with Democratic candidate Vice President Kamala Harris. The hackers were able to exploit the system U.S. authorities use to wiretap Americans in criminal cases. The hack has exposed vulnerabilities in U.S. wiretapping systems, threatening national security and the data of millions of Americans. The Chinese Embassy in Washington, DC, denied that Beijing-backed hackers had breached US telecom firms, calling the information “a distortion of the fact.” China continues to reject accusations from U.S. officials that it engages in cyberespionage directed against Americans. The Chinese embassy calls these allegations “disinformation.” They go on to claim: “The US needs to stop its own cyberattacks against other countries and refrain from using cyber security to smear and slander China.”

Salt Typhoon, according to Wikipedia, has been active since 2020, conducting cyberespionage and widespread data theft. Cybersecurity experts from Microsoft and the Google-owned firm Mandiant have been helping to investigate the hacking activity. Experts from Microsoft have acknowledged that they have been tracking Salt Typhoon and report: “When we see nation state activity, we provide customers with information to investigate as appropriate.” The compromised data records contained information on who Americans spoke to, how often and when, as well as the detailed location data afforded by 5G networking services.

The Wall Street Journal reported that Salt Typhoon had the ability to access data on almost any American. The revelation indicates that Beijing was not just trying to steal communications from high-profile targets but potentially sought to snoop on millions of Americans. The White House went on to establish a Cyber Unified Coordination Group (Cyber UCG) on October 8th to coordinate responses to the hacking. The Biden administration has been fairly tight-lipped about the cyber intrusion, even though press reports suggest it is one of the most serious breaches in recent years.

Senior White House officials met in late November with telecommunications executives to discuss China’s cyber espionage campaigns. The White House statement reads: “The meeting was an opportunity to hear from telecommunications sector executives on how the U.S. Government can partner with and support the private sector on hardening against sophisticated nation state attacks.” Federal authorities have urged telecommunication companies to boost network security.

Members of Congress in the House and Senate have expressed concerns over these breaches and have called on US companies and federal agencies to provide information about the incident. US Government agencies did in fact hold a classified briefing on December 4th for all Senators on this particular incident. The FBI, the Director of National Intelligence, the Federal Communications Commission Chair, the National Security Council and the Cybersecurity and Infrastructure Security Agency all took part in the closed-door briefing.

To date, investigators aren’t sure how much data Salt Typhoon might have taken, and it seems they are still struggling to evict the Chinese hacking crew from the companies’ networks. They are exploring whether the intruders gained access to Cisco Systems routers. Cisco continues to investigate the matter along with Microsoft. Christopher Wray, the FBI director, says the cyber threat posed by the Chinese government is massive and that its hacking program is larger than that of every other major nation combined. There remains a growing concern about the size and scope of Chinese hacking into U.S. telecommunications networks.

Back in 2019, Cybereason, a US cybersecurity firm, found that Chinese spies had hacked cellular networks to steal geolocation data as well as text messaging records and call logs. In September, the FBI announced that it had disrupted a vast Chinese hacking operation that involved the installation of malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers. The devices were then used to create a massive network of infected computers (a botnet) that could be used to carry out other cybercrimes. China’s state-backed hackers have long shown an interest in compromising global telecommunications infrastructure.

T-Mobile has contracts with the Army, Air Force, Special Operations Command and many other divisions of the DOD. In June, it announced a 10-year, $2.67 billion contract with the Navy that “will give all Department of Defense agencies the ability to place orders for wireless services and equipment from T-Mobile for the next 10 years.” T-Mobile recently released a blog post stating that media reports have been misleading: “T-Mobile detected attempts to infiltrate our systems, but our defense protections prevented any disruption of services and stopped the attack from advancing. Bad actors had no access to sensitive customer data (including calls, voicemails or texts).” They go on to say: “As an industry and country, we are now seeing activity from the most sophisticated cyber criminals we’ve ever faced, and as such, we can’t make any promises with absolute certainty, but our commitment to our customers is clear: T-Mobile will work tirelessly to keep customer information secure, safeguarding our network, responding swiftly to threats, and investing in security.”

US intelligence and law enforcement agencies are scrambling to contain the fallout. Senators Ron Wyden of Oregon and Eric Schmitt of Missouri are calling on the Pentagon to investigate its own “failure to secure its unclassified telephone communication from foreign espionage.” The Pentagon acknowledged that the telecommunication companies it has contracts with have security vulnerabilities that could be exploited by foreign entities for surveillance. The department went on to say that vulnerabilities could only be fixed by the telecoms themselves.

The Bottom Line: Some are claiming that Salt Typhoon is perhaps the worst telecom hack in American history. Basic questions are not being answered and details are still scarce. AT&T and Verizon will not comment. China may have been embedded inside aging networking equipment, including routers and switches, for years. It remains unknown whether China has been evicted from the phone companies’ networks. More Salt Typhoon cyber-attacks and incidents are expected to unfold. Cybersecurity remains an incredibly important issue, and there is a significant amount of finger pointing going around.

Two Techs – your locally owned computer support company. Find Two Techs on the web at www.twotechs.com, email us at support@twotechs.com, or call 352-200-2365. USF, MIS, MCP, A+, Network+ & CISSP. References used: TechCrunch, Reuters, Politico, KrebsOnSecurity, Wikipedia, PCMag, AP News.