FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countries
The agency has issued an advisory on the China-linked Salt Typhoon hacker group
The FBI has issued a security advisory warning the notorious Salt Typhoon hacker group is ramping up attacks globally.
Chinese state-sponsored threat actors have been targeting a wide range of sectors, the agency warned, mainly focusing on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers.
However, they’re also leveraging compromised devices and trusted connections to pivot into other networks, modifying routers to maintain persistent, long-term access to networks.
They've been linked to multiple China-based entities, including Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology , all of which provide cybersecurity products and services to China’s Ministry of State Security and People’s Liberation Army.
"Last fall, the FBI and CISA attributed compromises at US telecommunications providers to PRC-affiliated actors known as Salt Typhoon. Active since at least 2019, these actors conducted a significant cyber-espionage campaign, breaching global telecommunications privacy and security norms," said Brett Leatherman, assistant director of the FBI's Cyber Division.
"Today, we are releasing a Joint Cybersecurity Advisory to help defenders prevent, detect, and respond to this threat. Paired with guidance from late 2024, it offers practical steps to improve visibility and detect malicious activity early."
Salt Typhoon attacks worse than previously thought
Notably, the FBI warned that attacks waged by Salt Typhoon and its counterparts were more widespread than previously thought, with at least 60 organizations in 80 countries affected.
"Beijing’s indiscriminate targeting of private communications demands our stronger collaboration with our partners to identify and counter this activity at the earliest stages," said Leatherman.
"If you believe you are a victim of Salt Typhoon — or any other malicious cyber activity — I encourage you to contact your local FBI field office."
The advisory from the FBI comes in the wake of a report from the Department of Defense (DoD) detailing a long-term hacking campaign by the group against US National Guard networks.
In July, the DoD revealed Salt Typhoon breached and laid low in the compromised network of an unnamed US state National Guard for almost a year.
The group is believed to have accessed and exfiltrated sensitive military and law enforcement data as part of the campaign.
How to defend against Salt Typhoon
The advisory describes how Salt Typhoon operates, gaining initial access via known vulnerabilities in networking equipment.
Once in, the attackers altered access control lists, created privileged accounts, and enabled remote management to gain long-term access before moving laterally through organizations.
Rather than financial gain, the attacks were focused on telecom carriers, government organisations, and military infrastructure with the aim of surveillance and spying.
However, healthcare organizations have been targeted too.
“This alert details one of the largest global cyber espionage campaigns ever uncovered related to the Chinese government,” said John Riggi, AHA national advisor for cybersecurity and risk.
“US health care may be directly or indirectly impacted by this espionage and potentially disruptive cyberattack on critical infrastructure, and should take aggressive action to identify, contain, remediate and report to the FBI known instances of these malware strains appearing on healthcare networks or third-party networks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Morgan Stanley research warns AI is having a huge impact on jobsNews Analysis of five sectors highlights an "early warning sign" of AI’s impact on jobs
-
AI is “forcing a fundamental shift” in data privacy and governanceNews Organizations are working to define and establish the governance structures they need to manage AI responsibly at scale – and budgets are going up
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Salt Typhoon attack on US congressional email system ‘exposes how vulnerable core communications systems remain to nation-state actors’News The Salt Typhoon campaign marks the latest in a string of attacks on US government communications networks
