FBI: China’s Salt Typhoon Hacked Over 200 US Companies
▼ Summary
– A Chinese hacking group known as Salt Typhoon has breached at least 200 American companies and others in 80 countries, as confirmed by the FBI’s assistant director.
– The campaign previously targeted nine U.S. telecommunication and internet providers, including AT&T, Verizon, Lumen, Charter Communications, and Windstream.
– The hackers accessed call records of senior U.S. politicians and officials to map communications and surveillance targets, prompting the FBI to advise using encrypted messaging apps.
– Salt Typhoon primarily infiltrates company routers to steal sensitive network traffic, with the FBI and international partners releasing technical guidance to detect intrusions.
– The threat from this Chinese-backed hacking campaign is ongoing, according to the FBI’s top cyber official.
A sophisticated cyber espionage operation with ties to China has compromised more than 200 US companies, according to a senior FBI official. The campaign, known as Salt Typhoon, represents one of the most extensive state-sponsored digital intrusions in recent years, targeting critical infrastructure and telecommunications providers on a global scale.
Brett Leatherman, assistant director of the FBI’s cyber division, disclosed that the hacking group has also infiltrated organizations across 80 countries, underscoring the widespread nature of the threat. While specific entities were not named in the latest announcement, previous reports confirmed breaches at major firms including AT&T, Verizon, and Lumen, with Charter Communications and Windstream also identified as victims.
The attackers focused on obtaining call records belonging to high-ranking US officials and politicians, enabling them to reconstruct communication networks and identify surveillance targets. At the peak of the activity, concerns over interception were so acute that the FBI advised Americans to adopt encrypted messaging platforms to protect their private exchanges.
In a coordinated effort, the FBI and multiple international cybersecurity agencies released a detailed advisory outlining Salt Typhoon’s methods. The group primarily exploits vulnerabilities in corporate routers to intercept sensitive network traffic, and the document provides technical recommendations for detecting and mitigating such intrusions.
Leatherman emphasized that the threat remains active and ongoing, highlighting the persistent challenges posed by foreign state-sponsored cyber operations targeting both public and private sector networks.
(Source: TechCrunch)
