China-linked attackers Salt Typhoon infiltrate US internet service providers


The Beijing-linked threat actors breached several internet service providers in the US, according to an exclusive report by The Wall Street Journal.

A previously undisclosed campaign by the threat actor labeled Salt Typhoon affected “valuable computer networks in the US and around the globe,” such as broadband networks. Lurking hackers could launch damaging cyberattacks, redirect internet traffic, spread malware, or access sensitive data.

According to people familiar with the matter, investigators are exploring whether Cisco Systems routers were exploited for initial access. However, according to the WSJ report, the company had no indication of a breach at the time.

Salt Typhoon is a China-linked threat actor also known as GhostEmperor and FamousSparrow. It usually targets government entities and telecom companies in Southeast Asia, using a rootkit called Demodex, according to Malpedia.

The threat actor is highly sophisticated and uses anti-forensic and anti-analysis techniques to evade detection. Therefore, it can remain undetected for months.

Experts warned that Salt Typhoon operations appear to be a part of China’s ongoing cyber efforts to infiltrate US critical infrastructure. China has repeatedly denied any allegations of its involvement.

Last week, the FBI disrupted a large China-linked botnet that had compromised over 260,000 routers and other internet-connected devices.