FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countries
The agency has issued an advisory on the China-linked Salt Typhoon hacker group
The FBI has issued a security advisory warning the notorious Salt Typhoon hacker group is ramping up attacks globally.
Chinese state-sponsored threat actors have been targeting a wide range of sectors, the agency warned, mainly focusing on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers.
However, they’re also leveraging compromised devices and trusted connections to pivot into other networks, modifying routers to maintain persistent, long-term access to networks.
They've been linked to multiple China-based entities, including Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology , all of which provide cybersecurity products and services to China’s Ministry of State Security and People’s Liberation Army.
"Last fall, the FBI and CISA attributed compromises at US telecommunications providers to PRC-affiliated actors known as Salt Typhoon. Active since at least 2019, these actors conducted a significant cyber-espionage campaign, breaching global telecommunications privacy and security norms," said Brett Leatherman, assistant director of the FBI's Cyber Division.
"Today, we are releasing a Joint Cybersecurity Advisory to help defenders prevent, detect, and respond to this threat. Paired with guidance from late 2024, it offers practical steps to improve visibility and detect malicious activity early."
Salt Typhoon attacks worse than previously thought
Notably, the FBI warned that attacks waged by Salt Typhoon and its counterparts were more widespread than previously thought, with at least 60 organizations in 80 countries affected.
"Beijing’s indiscriminate targeting of private communications demands our stronger collaboration with our partners to identify and counter this activity at the earliest stages," said Leatherman.
"If you believe you are a victim of Salt Typhoon — or any other malicious cyber activity — I encourage you to contact your local FBI field office."
The advisory from the FBI comes in the wake of a report from the Department of Defense (DoD) detailing a long-term hacking campaign by the group against US National Guard networks.
In July, the DoD revealed Salt Typhoon breached and laid low in the compromised network of an unnamed US state National Guard for almost a year.
The group is believed to have accessed and exfiltrated sensitive military and law enforcement data as part of the campaign.
How to defend against Salt Typhoon
The advisory describes how Salt Typhoon operates, gaining initial access via known vulnerabilities in networking equipment.
Once in, the attackers altered access control lists, created privileged accounts, and enabled remote management to gain long-term access before moving laterally through organizations.
Rather than financial gain, the attacks were focused on telecom carriers, government organisations, and military infrastructure with the aim of surveillance and spying.
However, healthcare organizations have been targeted too.
“This alert details one of the largest global cyber espionage campaigns ever uncovered related to the Chinese government,” said John Riggi, AHA national advisor for cybersecurity and risk.
“US health care may be directly or indirectly impacted by this espionage and potentially disruptive cyberattack on critical infrastructure, and should take aggressive action to identify, contain, remediate and report to the FBI known instances of these malware strains appearing on healthcare networks or third-party networks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Security expert warns Salt Typhoon is becoming 'more dangerous' after Norwegian authorities lift lid on critical infrastructure hacking campaignNews The Chinese state-backed hacking group has waged successful espionage campaigns against an array of organizations across Norway.
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
