The U.S. government has disclosed that Salt Typhoon, a China-backed hacking group, continues to infiltrate the networks of some of the largest telecommunications providers in the country. Weeks after the breach was first uncovered in October, companies like AT&T, Verizon, and Lumen Technologies (formerly CenturyLink) are still working to fully remove the attackers. While T-Mobile reported being targeted, it claims to have successfully thwarted the group’s efforts. Despite ongoing remediation, the hackers remain embedded in certain systems, raising concerns about the full scope and objectives of the campaign.
Salt Typhoon’s activities appear to have espionage as their primary motive. Investigators have found evidence suggesting the hackers targeted the communications of U.S. officials and senior political figures, including presidential candidates. Particularly troubling is their access to wiretap systems, which may have been exploited to identify Chinese nationals under U.S. surveillance. This strategic targeting points to an effort to undermine national security and monitor high-value targets.
The persistence of Salt Typhoon within these networks underscores the group’s sophistication and the challenges faced by defenders in the telecommunications sector. The attackers have used advanced techniques to evade detection and maintain access, making it difficult for companies to fully evict them. Complicating matters further, officials have yet to determine the hackers’ ultimate goals, adding to the urgency of securing these critical systems.
In response, the Cybersecurity and Infrastructure Security Agency (CISA) has issued detailed guidance to help telecom providers fortify their networks. Recognizing the unique nature of each victim’s infrastructure, the recommendations include customized strategies to enhance defenses and prevent future intrusions. While the exact timeline for full recovery remains uncertain, the continued collaboration between government agencies and private firms highlights the critical need for robust cybersecurity measures in protecting national infrastructure.