Cyber experts have warned UK telecommunications firms and the wider industry must be ready for a barrage of cyber attacks as the Salt Typhoon hacker group claims yet more victims in the US.
Three further companies based in the US, Charter Communications, Consolidate Communications, and Windstream, have been added to the list of telecoms organizations compromised by the Chinese state-affiliated threat actor, according to the Wall Street Journal.
In December 2024, US security officials revealed Salt Typhoon was able to record private conversations of ‘senior political figures’ after compromising major telecom firms including Verizon, AT&T, and Lumen Technologies.
At the end of the month, Verizon and AT&T announced they had successfully removed the hackers from their IT environment, insisting that their networks were secure.
Elsewhere globally, cybersecurity experts have been watching the incident unfold with bated breath, with practitioners accelerating preparations for a looming onslaught of attacks.
Speaking to ITPro, Jamie Akhtar, CEO and co-founder of CyberSmart, warned that despite Salt Typhoon’s recent focus on entities in the US, the UK and other allies should be on high alert.
“Although Salt Typhoon has focused almost exclusively on US telcos thus far, their UK counterparts should be wary. The UK has long been a key ally of the US and, as a result, it’s impossible to rule out that state-sanctioned threats like Salt Typhoon could also be turned on British firms,” he said.
Akhtar added that there are previous notable examples of Chinese state-affiliated threat actors targeting UK infrastructure in the past, such as the APT31-led attacks in 2021.
Rob Pocock, technology director at Red Helix, cautioned that firms based outside the US should not be complacent and assume such attacks will exclusively focus on US-based companies.
The US’ global allies are a particularly appealing target for state-affiliated threat groups, he warned.
“It is highly misguided to assume advanced persistent threat actors like Salt Typhoon are only interested in the US. These threat groups are just as likely to target other nations, particularly US allies,” he warned.
“All critical infrastructure organizations should continue to expect to be targeted and take proactive steps to strengthen their own security – and that of their supply chains. Supply chains are often seen as the weakest link, but organizations can significantly reduce risks by ensuring their suppliers implement robust security measures.”
UK telcos are in the firing line for Salt Typhoon and others
Pocock added that UK telecoms firms represent a prime target for threat actors at present, especially amidst the country’s ongoing 5G SA roll-out.
However, regulations governing the integrity of telecoms firms such as the Telecommunications Security Act (TSA) may help ensure the country’s communications infrastructure is better protected.
“Telcos are right in the firing line when it comes to APT groups because of their critical role in the digital world. In the UK, the ongoing roll out of 5G SA may present different or new threat vectors for these groups to try and target,” he explained.
“Fortunately, telcos in the UK are already well-positioned to address these threats, thanks to their commitments to compliance with the Telecommunications Security Act (TSA) - a regulation designed with these challenges in mind.”
RELATED WHITEPAPER
He argued that, instead of introducing entirely new security protocols, the TSA “reflects best practices already enabled within the industry” and compliance would simply help reinforce these existing procedures.
This, Pocock argued, should stand UK-based telcos in good stead in the face of increasingly sophisticated external cyber threats.
“By focusing on optimized toolsets and avoiding over-complication, telcos continue to maintain a high level of security, ensuring their systems are well-protected against evolving threats.”
During a press briefing on 27 December, Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said her UK counterparts argued these regulations would have meant the attack was detected and contained far more quickly.
“[T]heir comment to me was, ‘We would have found it faster, we would have contained it faster, it wouldn’t have spread as widely and have had the impact and been as undiscovered for as long had those regulations been in place.’
“And that’s a powerful message,” she recalled.
-
Passwords are a problem: why device-bound passkeys can be the future of secure authenticationIndustry insights AI-driven cyberthreats demand a passwordless future…
-
OpenAI thought it hit a home run with GPT-5 – users weren't so keenNews It’s been a tough week for OpenAI after facing criticism from users and researchers
-
‘All US forces must now assume their networks are compromised’ after Salt Typhoon breachNews The announcement marks the second major Salt Typhoon incident in the space of two years
-
Simplifying Password Management eBookWhitepaper
-
Living off the Land eBookWhitepaper
-
The Public Sector's Guide to Privilege and Password ManagementWhitepaper
-
Zero Standing Privilege: Automating Cybersecurity Without Disrupting ProductivityWhitepaper
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problemNews More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Government cybersecurity action plan includes £16 million in fundingNews Cash will go to help startups, scale-ups, and university spinouts, while a new advisory group will aim to improve public sector cybersecurity
-
European Commission calls for cyber security proposalsNews With a special focus on healthcare, the Commission is looking to allocate €145.5 million
