What is Salt Typhoon? A security expert explains the Chinese hackers and their attack on US telecommunications networks

Cyberattacks linked to the Chinese government that have compromised large swathes of America's telecommunications network are prompting the U.S. government to sound the alarm. Senate Intelligence Committee Chairman Sen. Mark Warner (D-VA) described it as the “worst telecommunications hack in our country's history” and noted that it makes previous cyberattacks by Russian agents look like “child's play” by comparison.

The complex cyberattack, carried out by a group of Chinese hackers known as Salt Typhoon, began as early as 2022. Its purpose, according to US officials, was to give Chinese agents persistent access to telecommunications networks across the US by compromising devices such as routers and switches from firms such as AT&T, Verizon, Lumen and others.

This attack follows reports that the FBI and the Cybersecurity and Infrastructure Security Agency were assisting phone firms in mitigating other compromises of their networks linked to China. The earlier hack was part of an attack on people in the Washington area in governmental or political roles, including candidates for the 2024 presidential election.

But Salt Typhoon isn't just targeting Americans. Research from security provider Trend Micro shows that attacks from Salt Typhoon have put other critical infrastructure around the globe in danger recently. US officials have confirmed these findings as well – and their level of concern is noteworthy.

Chinese officials have denied the allegations that they were behind this operation, as they have in response to allegations of previous cyberattacks.

As a cybersecurity researcher, I actually find this attack breathtaking in its scale and severity. However, it shouldn’t be surprising that such an incident took place. Many organizations of all sizes still don't follow good cybersecurity practices, have limited resources or operate IT infrastructures that might be too complex to effectively monitor, manage and secure.

How bad is it?

In some cases, Salt Typhoon exploited technical vulnerabilities in cybersecurity products such as firewalls used to protect large organizations. Once on the network, attackers used more conventional tools and knowledge to expand their reach, gather information, remain hidden, and deliver malware for later use.

According to the FBI, Salt Typhoon enabled Chinese officials to acquire a considerable number of records showing where, when and with whom certain people communicated. In some cases, they found that Salt Typhoon also provided access to the content of phone calls and text messages.

“PBS News Hour” reports on updates from the White House on Salt Typhoon.

Salt Typhoon also affected the private portals, or backdoors, that phone firms provide to law enforcement to request court-ordered surveillance of phone numbers as part of an investigation. This is also the same portal used by the US Secret Service to watch foreign targets within the United States.

As a result, the Salt Typhoon attackers may have obtained details about which Chinese spies and informants counterintelligence agencies were monitoring – intelligence that can help these targets evade such surveillance.

On December 3, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI, together with their counterparts in Australia, New Zealand and Canada, released guidance for the general public on how to respond to the Salt Typhoon attack. Their guide, “Improved visibility and hardening guidance for communications infrastructure,” essentially reinforces best cybersecurity practices for organizations that might help mitigate the impact of Salt Typhoon or future copycat attacks.

However, it does provide recommendations for safeguarding specific telecommunications devices for some of the Cisco products that were affected by this attack.

At this time, US officials and affected firms have not been able to fully determine the scope, depth and severity of the attack – or remove the attackers from the compromised systems – even though this attack has been ongoing for months.

What can be done?

U.S. officials said Salt Typhoon penetrated its targets in some ways through existing weaknesses in the infrastructure. As I've written before, failure to implement basic cybersecurity best practices can result in debilitating incidents for organizations of all sizes. Given the world's reliance on networked information systems, it’s more essential than ever to maintain cybersecurity programs that make it difficult for attacks to succeed, particularly on critical infrastructure such as the phone network.

In addition to following best practice guidelines issued by the Cybersecurity and Infrastructure Security Agency earlier this week, firms also need to remain vigilant. They should monitor not only the news for details about this attack, but also the various free, proprietary or private threat intelligence feeds and informal professional networks to stay abreast of attackers' tactics and techniques, and ways to counter them.

Companies and governments also need to make sure that their IT departments and cybersecurity programs have sufficient staffing and funding to meet their needs and that best practices are implemented. The Federal Communications Commission is already threatening firms with fines for not strengthening their defenses against Chinese hacking attacks.

While any illegal surveillance is worrisome, the average American probably has little to worry about from Salt Typhoon. Your family calls or text messages to friends are unlikely to be of interest to the Chinese government. However, if you want to increase your security and privacy a bit, consider using end-to-end encrypted messaging services such as Signal, FaceTime or Messages.

Also, make sure that you don't use default or easy-to-guess passwords on your devices, including your home router. And consider using two-factor authentication to further increase the security of all critical Internet accounts.

Backdoors and villains

Lost in the noise of history is that Salt Typhoon proved that decades of warnings from the Internet security community were correct. No mandated secret or proprietary access to technology products is likely to go undetected or be used only by “the good guys” – and efforts to require it are likely to backfire.

So it's somewhat ironic that one of the federal government's recommended countermeasures to guard against Salt Typhoon espionage is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent many years attempting to undermine so that only “the good guys” can use them.
