Cyber experts have warned UK telecommunications firms and the wider industry must be ready for a barrage of cyber attacks as the Salt Typhoon hacker group claims yet more victims in the US.
Three further companies based in the US, Charter Communications, Consolidate Communications, and Windstream, have been added to the list of telecoms organizations compromised by the Chinese state-affiliated threat actor, according to the Wall Street Journal.
In December 2024, US security officials revealed Salt Typhoon was able to record private conversations of ‘senior political figures’ after compromising major telecom firms including Verizon, AT&T, and Lumen Technologies.
At the end of the month, Verizon and AT&T announced they had successfully removed the hackers from their IT environment, insisting that their networks were secure.
Elsewhere globally, cybersecurity experts have been watching the incident unfold with bated breath, with practitioners accelerating preparations for a looming onslaught of attacks.
Speaking to ITPro, Jamie Akhtar, CEO and co-founder of CyberSmart, warned that despite Salt Typhoon’s recent focus on entities in the US, the UK and other allies should be on high alert.
“Although Salt Typhoon has focused almost exclusively on US telcos thus far, their UK counterparts should be wary. The UK has long been a key ally of the US and, as a result, it’s impossible to rule out that state-sanctioned threats like Salt Typhoon could also be turned on British firms,” he said.
Akhtar added that there are previous notable examples of Chinese state-affiliated threat actors targeting UK infrastructure in the past, such as the APT31-led attacks in 2021.
Rob Pocock, technology director at Red Helix, cautioned that firms based outside the US should not be complacent and assume such attacks will exclusively focus on US-based companies.
The US’ global allies are a particularly appealing target for state-affiliated threat groups, he warned.
“It is highly misguided to assume advanced persistent threat actors like Salt Typhoon are only interested in the US. These threat groups are just as likely to target other nations, particularly US allies,” he warned.
“All critical infrastructure organizations should continue to expect to be targeted and take proactive steps to strengthen their own security – and that of their supply chains. Supply chains are often seen as the weakest link, but organizations can significantly reduce risks by ensuring their suppliers implement robust security measures.”
UK telcos are in the firing line for Salt Typhoon and others
Pocock added that UK telecoms firms represent a prime target for threat actors at present, especially amidst the country’s ongoing 5G SA roll-out.
However, regulations governing the integrity of telecoms firms such as the Telecommunications Security Act (TSA) may help ensure the country’s communications infrastructure is better protected.
“Telcos are right in the firing line when it comes to APT groups because of their critical role in the digital world. In the UK, the ongoing roll out of 5G SA may present different or new threat vectors for these groups to try and target,” he explained.
“Fortunately, telcos in the UK are already well-positioned to address these threats, thanks to their commitments to compliance with the Telecommunications Security Act (TSA) - a regulation designed with these challenges in mind.”
RELATED WHITEPAPER
He argued that, instead of introducing entirely new security protocols, the TSA “reflects best practices already enabled within the industry” and compliance would simply help reinforce these existing procedures.
This, Pocock argued, should stand UK-based telcos in good stead in the face of increasingly sophisticated external cyber threats.
“By focusing on optimized toolsets and avoiding over-complication, telcos continue to maintain a high level of security, ensuring their systems are well-protected against evolving threats.”
During a press briefing on 27 December, Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said her UK counterparts argued these regulations would have meant the attack was detected and contained far more quickly.
“[T]heir comment to me was, ‘We would have found it faster, we would have contained it faster, it wouldn’t have spread as widely and have had the impact and been as undiscovered for as long had those regulations been in place.’
“And that’s a powerful message,” she recalled.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a yearAnalysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plateNews While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victimsNews Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
-
Unlock profitability with Cove Data ProtectionWhitepaper Agile risk management starts with a common language
-
Ransomware missteps that can cost youWhitepaper Agile risk management starts with a common language
-
The big book of selling data protectionWhitepaper Agile risk management starts with a common language
