Pierluigi Paganini
December 29, 2024
A White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide.
“A White House official said Friday the US identified a ninth telecommunications company impacted by a wide-ranging Chinese espionage effort and that further steps are planned to curb cyberattacks from Beijing.” reported Bloomberg.
China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) and has been active since at least 2019 and targeted government entities and telecom companies.
White House cyber adviser Anne Neuberger revealed that the new victim of Chine-linked APT was discovered after Biden administration’s released guidance to detect their activity.
“The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we still see companies not doing the basics,” Anne Neuberger, the deputy national security advisor for cyber and emerging technologies, told reporters Friday.
“We know that voluntary cyber security practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure,” Neuberger added.
In early December 2024, President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon had breached telecommunications companies in dozens of countries.
The Wall Street Journal reported that the senior White House official revealed that at least eight U.S. telecommunications firms were compromised in the attack.
The Salt Typhoon hacking campaign, active for 1–2 years, has targeted telecommunications providers in several dozen countries, according to a U.S. official.
“At this time, we don’t believe any classified communications have been compromised,” Neuberger said.
The deputy national security adviser said China accessed extensive metadata from targeted Americans while seeking specific communications, focusing regionally on government and political figures.
The White House aims to mandate minimum cybersecurity practices for telecoms, including secure configurations, anomaly monitoring, and strong key management, similar to rules in other critical infrastructures.
“We believe that if the companies had in place minimum [security] practices … that would make it far riskier, harder, and costlier for the Chinese to gain access and maintain access,” the senior administration official added.
The Biden administration prioritizes safeguarding tech and telecom infrastructure from PRC-linked cyber espionage operations and other foreign threats to protect U.S. national security. The Commerce Department’s tech security office is preparing measures to address risks from IT and communications transactions linked to China, Neuberger stated.
Early this month Australia, Canada, New Zealand, and the U.S. issued a joint advisory to warn of People’s Republic of China (PRC)-linked cyber espionage targeting telecom networks.
“The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign.” reads the joint advisory.
The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats.
“identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel activity has been observed.” continues the advisory.
The government of Bejing denied responsibility for the hacking campaign.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Salt Typhoon)
