China-linked APT group Salt Typhoon<\/a> (also known as\u00a0FamousSparrow<\/a>\u00a0and\u00a0GhostEmperor<\/a>) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.<\/p>\n\n\n\n
“A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.” reported the WSJ<\/a>.<\/em><\/p>\n\n\n\n
The Salt Typhoon<\/a> group targeted surveillance systems used by the US government to investigate crimes and threats to national security, including activities carried out by nation-state actors.<\/p>\n\n\n\n
This week Wall Street Journal first\u00a0reported<\/a>\u00a0that experts are investigating the security breaches to determine if the attackers gained access to\u00a0Cisco Systems\u00a0routers, which are core network components of the ISP infrastructures.<\/p>\n\n\n\n
\u201cHackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.\u201d Wall Street Journal reported<\/a>.<\/em><\/p>\n\n\n\n
\u201cThe hacking campaign, called Salt Typhoon by investigators, hasn\u2019t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing\u2019s massive digital army of cyberspies<\/a> has had breaking into valuable computer networks in the U.S. and around the globe.\u201d<\/em><\/p>\n\n\n\n
The Salt Typhoon hacking campaign, linked to China, appears focused on intelligence gathering rather than crippling infrastructure, unlike the attacks carried out by another China-linked APT group called\u00a0Volt Typhoon<\/a>. Chris Krebs from SentinelOne suggested that the group behind Salt Typhoon may be affiliated with China\u2019s Ministry of State Security, specifically the\u00a0APT40<\/a>\u00a0group, which specializes in intelligence collection. This group was publicly called out by the U.S. and its allies for hacking activities in July.<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a>
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0Salt Typhoon)<\/strong>