What is Salt Typhoon? Everything you need to know about ‘the worst telecom hack in [U.S.] history’

In today’s digital age, hardly a day goes by without news of a new cybersecurity threat. Unfortunately, the ongoing Salt Typhoon hack is much larger and more serious than a typical hack. Senate Intelligence Committee Chairman Senator Mark R. Warner even called the attack a “Salt Typhoon” “worst telecom hack in [U.S.] history for today” hackers gain access to vast amounts of Americans’ data and monitor the communications of political targets for years.

Here’s everything you need to know about the 2024 Salt Typhoon hack.

What is Salt Typhoon?

Salt Typhoon is a hacking group reportedly sponsored by the Chinese government. Active since 2020The group has carried out attacks on targets in the United States as well as around the world.

The group usually uses Advanced persistent threat (APT) attackssecretly gaining access to target networks and remaining there undetected for long periods of time. Such methods allow attackers to collect extensive information about the target organization.

Although the group is commonly referred to as the “Salt Typhoon”, it is also called the “Salt Typhoon”. GhostEmperor, Famous Sparrow, Estris Land and UNC2286. The name “Salt Typhoon” was given to it by Microsoft, which uses the word “Typhoon” to refer to all nation-state threat actors from China.

What is Salt Typhoon telecommunications hacking?

On Wednesday, the US government said Salt Typhoon hackers had infiltrated at least eight telecommunications companies after reports surfaced. earlier this year about a state-sponsored Chinese cyber attack on Internet service providers.

It is believed that the 2024 Salt Typhoon hack actually happened lasts for one or two yearsAnd remains active even nowas Salt Typhoon is supposedly still able to access many telecommunications systems. While officials work to rid systems of attackers, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said it is “impossible” to say when all hackers will be completely evicted.

According to US officials, the Salt Typhoon hack is an espionage campaign sponsored by Chinese authorities. The Chinese government denies any involvement in the cyberattacks.

“The US needs to stop its own cyber attacks on other countries and refrain from using cyber security to smear and slander China,” A spokesman for the Chinese Embassy in Washington said this in a statement to The Associated Press.

Which US telecommunications companies were affected by the Salt Typhoon hack?

The full list of organizations affected by the Salt Typhoon hack has not been published, but we do know that the campaign targeted telecommunications companies around the world. Anne Neuberger, the US deputy national security adviser for cybersecurity and emerging technologies, said on Wednesday that “dozens of countries” were affected, with the US, Canada, Australia and New Zealand all confirmed targets.

In the US, the Salt Typhoon allegedly attacked at least eight telecommunications companies. Wall Street Journal reports what this list includes:

• Verizon

• AT&T

• T-Mobile

• Lumen Technologies

Will the Salt Typhoon hack affect me?

US officials said that while they believe the Salt Typhoon hack did not affect every American, it affected a “large number” of people, most of whom lived in the Greater Washington area. The hackers reportedly gained access to metadata of these people, such as records of numbers that contacted each other, but not the content of such messages.

On its own, most of this compromised metadata does not appear to be of much interest to Salt Typhoon. Instead, the hackers are believed to have used such information to identify messages from specific targeted individuals. Salt Typhoon was said to be seeking corporate intellectual property as well as specific government and political targets, which reportedly included Donald Trump, Senator J.D. VanceAnd people from the Trump and Kamala Harris presidential campaigns.

Having identified them, the hackers focused on accessing the correspondence of these people, reading texts and listening to audio calls. As of November, approximately 150 individual targets had been identified and notified, most of them in the Washington, D.C. area.

“The actors stole a large amount of records, including data about where, when and with whom people communicated,” This was reported by a representative of the Federal Bureau of Investigation (FBI). Washington Post.

Salt Typhoon hackers are also reported to gained access to the US law enforcement system to request wiretapping. Although officials reported Washington Post what is there is no evidence that hackers managed to eavesdrop on the networkthey may have been able to identify people being investigated by the US government.

The full extent of the Salt Typhoon hack is still not entirely clear. Fortunately, Neuberger said no classified information was revealed.

How is the US government responding to the Salt Typhoon hack?

The tweet may have been deleted

Following reports of the Salt Typhoon cyberattack, the US Federal Communications Commission (FCC) stated that “We are taking decisive action to address vulnerabilities in the US telecommunications network.”

Specifically, the FCC proposed clarifying laws that require telecommunications companies to protect their networks from hackers. This will make it clear that such security measures include not only the equipment, but also the way telecom operators manage their networks.

The FCC also proposed new annual certification requirements for telecommunications companies, including certification of compliance with new cybersecurity risk management plans.

“As the Commission’s colleagues in the intelligence community determine the scope and impact of the Salt Typhoon attack, we need to create a modern framework that will help companies protect their networks and better prevent and respond to cyberattacks in the future,” said FCC Chairwoman Jessica Rosenworcel.

The Senate Commerce Subcommittee will hold a hearing on the Salt Typhoon hack on December 11 to examine security threats and protections.