The Chinese threat actor Salt Typhoon might still be lurking in US telecommunication networks, as attacks are “ongoing,” officials say. They recommend switching to encrypted communication methods.
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) urge Americans to use encrypted apps such as Signal or WhatsApp instead of text messages.
Cybernews previously reported that the China-linked threat actor Salt Typhoon compromised the networks of multiple internet service providers in the US, such as AT&T, Verizon, and dozens of others. According to reports, the hackers carried out a widespread cyberespionage campaign and intercepted voice calls, records, and even wiretap systems used by the Department of Justice.
Politico reports that officials warn that the intrusion is likely “ongoing” and larger in scale than previously understood. The FBI and CISA suggest using encryption to minimize the chances of communications being intercepted.
“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” Jeff Greene, CISA executive assistant director for cybersecurity, said in the call on Tuesday.
The FBI official added that people would benefit from using a phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant multi-factor authentication (MFA).
The recommendations are somewhat contrary to the trend of European authorities wanting more access and control over messengers. Previously, there were initiatives to weaken encryption in the UK, and European police wanted real-time access to messengers.
Authorities also released a joint advisory on reducing potential entry points for the China-affiliated threat actors, which includes best practices for network engineers and defenders.
The advisory also specifies ensuring that “traffic is end-to-end encrypted to the maximum extent possible,” and focuses on better monitoring, detection, and response to threats.
“The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses,” Greene said.
“We urge software manufacturers to incorporate Secure by Design principles into their development lifecycle to strengthen the security posture of their customers.”
Authorities believe that all organizations in critical sectors could benefit from numerous hardening best practices, including disabling all unused, unauthenticated, or unencrypted protocols, using and storing passwords securely, limiting management connections and privileged accounts, patching and upgrading devices in a timely manner, and allowing only strong cryptography.
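To make the hardening practices listed above concrete, here is an added example (not code from the article or from the joint advisory) that audits network-device configuration lines for several of them: unencrypted or unauthenticated management protocols left enabled, management access that is not restricted, weak SSH crypto, and reversible password storage. The configuration text is a constructed sample in Cisco IOS-style syntax, and the rule set is an illustration of the approach rather than the advisory's own checklist; real checks would extend it to the protocols and platforms in use.

```python
"""Audit constructed IOS-style configuration lines against hardening practices.

Added example: the sample configurations and the rule list are constructed
for illustration, not taken from any vendor guidance or from the advisory.
"""
import re

# Constructed sample: deliberately contains weak settings to be flagged.
SAMPLE_CONFIG = """\
hostname edge-router-1
ip http server
ip http secure-server
snmp-server community public RO
snmp-server group ops v3 priv
ip ssh version 1
line vty 0 4
 transport input telnet ssh
 access-class MGMT-ACL in
line vty 5 15
 transport input all
enable password cisco123
"""

# Constructed sample: the same device with each weakness remediated.
HARDENED_CONFIG = """\
hostname edge-router-1
no ip http server
ip http secure-server
snmp-server group ops v3 priv
ip ssh version 2
line vty 0 4
 transport input ssh
 access-class MGMT-ACL in
enable secret 9 $9$placeholder-hash
"""

# Single-line rules: (rule id, regex on the stripped line, why it matters, fix).
RULES = [
    ("http-mgmt", r"^ip http server$",
     "cleartext HTTP management interface enabled",
     "no ip http server; keep only ip http secure-server"),
    ("snmp-v1v2c", r"^snmp-server community \S+ (RO|RW)",
     "SNMPv1/v2c community string is unauthenticated and sent in cleartext",
     "remove the community; use SNMPv3 with authentication and privacy"),
    ("ssh-v1", r"^ip ssh version 1$",
     "SSH protocol version 1 has known cryptographic weaknesses",
     "ip ssh version 2"),
    ("telnet-vty", r"^transport input .*\b(telnet|all)\b",
     "telnet (cleartext) accepted on a management line",
     "transport input ssh"),
    ("enable-password", r"^enable password ",
     "enable password is stored reversibly or in cleartext",
     "use enable secret (hashed) instead"),
]


def _finding(line, rule, text, why, fix):
    return {"line": line, "rule": rule, "text": text, "why": why, "fix": fix}


def audit_config(text):
    """Return a list of findings for the given configuration text."""
    findings = []
    vty = None  # the 'line vty' block currently being read, if any

    def close_vty():
        # A management line with no access-class accepts connections from
        # anywhere: the "limit management connections" practice is unmet.
        if vty is not None and not vty["acl"]:
            findings.append(_finding(vty["line"], "vty-no-acl", vty["text"],
                                     "management line has no access-class restricting sources",
                                     "apply an access-class limiting management to admin hosts"))

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):   # top-level line ends any open vty block
            close_vty()
            vty = None
        if line.startswith("line vty"):
            vty = {"line": lineno, "text": line, "acl": False}
        elif vty is not None and line.startswith("access-class"):
            vty["acl"] = True
        for rule, pattern, why, fix in RULES:
            if re.search(pattern, line):
                findings.append(_finding(lineno, rule, line, why, fix))
    close_vty()
    return findings


def summarize(findings):
    """Count findings per rule id, for a quick posture overview."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f['line']:>2} [{f['rule']}] {f['text']}\n    why: {f['why']}\n    fix: {f['fix']}")
    print("hardened config findings:", summarize(audit_config(HARDENED_CONFIG)))
```

The block-aware check for `line vty` shows why a pure line-by-line grep is not enough: whether a management line is restricted depends on a sub-command that may be several lines away, so the auditor keeps state until the block closes. Running the audit on `HARDENED_CONFIG` returns no findings, which is the regression check to keep alongside any device-hardening baseline.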
“Vigilance is key for defending against network compromise,” said Dave Luber, NSA cybersecurity director.
“Always have eyes on your systems and patch and address known vulnerabilities before they become targets.”