Pierluigi Paganini
January 02, 2025
This week, a White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide.
China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) and has been active since at least 2019 and targeted government entities and telecom companies.
White House cyber adviser Anne Neuberger revealed that the new victim of Chine-linked APT was discovered after Biden administration’s released guidance to detect their activity.
In early December 2024, President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon had breached telecommunications companies in dozens of countries.
The Wall Street Journal reported that the senior White House official revealed that at least eight U.S. telecommunications firms were compromised in the attack.
The deputy national security adviser said China accessed extensive metadata from targeted Americans while seeking specific communications, focusing regionally on government and political figures.
Lumen this week announced that the Salt Typhoon APT group, was locked out of its network, TechCrunch reports. The company added that it is not aware of a data breach.
“Lumen spokesperson Mark Molzen told TechCrunch that an independent forensic analysis confirmed the company ejected the Chinese actors from its network, adding that there is “no evidence that customer data was accessed” during the Salt Typhoon breach.” reported TechCrunch.
Recently, US carriers AT&T and Verizon also reported they have secured their networks after cyberespionage attempts by the China-linked Salt Typhoon group.
At the end of November, T-Mobile reported recent infiltration attempts by Chinese hackers, but pointed out that threat actors had no access to its systems and no sensitive data was compromised.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Lumen)
