Cyber experts have warned UK telecommunications firms and the wider industry must be ready for a barrage of cyber attacks as the Salt Typhoon hacker group claims yet more victims in the US.
Three further companies based in the US, Charter Communications, Consolidate Communications, and Windstream, have been added to the list of telecoms organizations compromised by the Chinese state-affiliated threat actor, according to the Wall Street Journal.
In December 2024, US security officials revealed Salt Typhoon was able to record private conversations of ‘senior political figures’ after compromising major telecom firms including Verizon, AT&T, and Lumen Technologies.
At the end of the month, Verizon and AT&T announced they had successfully removed the hackers from their IT environment, insisting that their networks were secure.
Elsewhere globally, cybersecurity experts have been watching the incident unfold with bated breath, with practitioners accelerating preparations for a looming onslaught of attacks.
Speaking to ITPro, Jamie Akhtar, CEO and co-founder of CyberSmart, warned that despite Salt Typhoon’s recent focus on entities in the US, the UK and other allies should be on high alert.
“Although Salt Typhoon has focused almost exclusively on US telcos thus far, their UK counterparts should be wary. The UK has long been a key ally of the US and, as a result, it’s impossible to rule out that state-sanctioned threats like Salt Typhoon could also be turned on British firms,” he said.
Akhtar added that there are previous notable examples of Chinese state-affiliated threat actors targeting UK infrastructure in the past, such as the APT31-led attacks in 2021.
Rob Pocock, technology director at Red Helix, cautioned that firms based outside the US should not be complacent and assume such attacks will exclusively focus on US-based companies.
The US’ global allies are a particularly appealing target for state-affiliated threat groups, he warned.
“It is highly misguided to assume advanced persistent threat actors like Salt Typhoon are only interested in the US. These threat groups are just as likely to target other nations, particularly US allies,” he warned.
“All critical infrastructure organizations should continue to expect to be targeted and take proactive steps to strengthen their own security – and that of their supply chains. Supply chains are often seen as the weakest link, but organizations can significantly reduce risks by ensuring their suppliers implement robust security measures.”
UK telcos are in the firing line for Salt Typhoon and others
Pocock added that UK telecoms firms represent a prime target for threat actors at present, especially amidst the country’s ongoing 5G SA roll-out.
However, regulations governing the integrity of telecoms firms such as the Telecommunications Security Act (TSA) may help ensure the country’s communications infrastructure is better protected.
“Telcos are right in the firing line when it comes to APT groups because of their critical role in the digital world. In the UK, the ongoing roll out of 5G SA may present different or new threat vectors for these groups to try and target,” he explained.
“Fortunately, telcos in the UK are already well-positioned to address these threats, thanks to their commitments to compliance with the Telecommunications Security Act (TSA) - a regulation designed with these challenges in mind.”
RELATED WHITEPAPER
He argued that, instead of introducing entirely new security protocols, the TSA “reflects best practices already enabled within the industry” and compliance would simply help reinforce these existing procedures.
This, Pocock argued, should stand UK-based telcos in good stead in the face of increasingly sophisticated external cyber threats.
“By focusing on optimized toolsets and avoiding over-complication, telcos continue to maintain a high level of security, ensuring their systems are well-protected against evolving threats.”
During a press briefing on 27 December, Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said her UK counterparts argued these regulations would have meant the attack was detected and contained far more quickly.
“[T]heir comment to me was, ‘We would have found it faster, we would have contained it faster, it wouldn’t have spread as widely and have had the impact and been as undiscovered for as long had those regulations been in place.’
“And that’s a powerful message,” she recalled.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Simplifying Password Management eBookWhitepaper
-
Living off the Land eBookWhitepaper
-
The Public Sector's Guide to Privilege and Password ManagementWhitepaper
-
Zero Standing Privilege: Automating Cybersecurity Without Disrupting ProductivityWhitepaper
-
‘We are now a full-fledged powerhouse’: Two years on from its Series B round, Hack the Box targets further growth with AI-powered cyber training programs and new market opportunitiesNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacentNews More than four-in-ten UK businesses were hit by a cyber attack last year, marking a decrease on the year prior – but security experts have warned enterprises to still remain vigilant.
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
