Denmark’s cybersecurity agency recently issued a public warning about an increase in state-sponsored cyber espionage activities targeting the European telecommunications sector. The warning specifically raises the threat level to “high” due to rising interest from state actors seeking to access telecommunications infrastructure. Although the Danish agency did not explicitly name China or the Salt Typhoon campaign, it acknowledged that similar cyber espionage attempts have been observed in Europe. The U.S. had previously reported that European telecoms were compromised by the Chinese-linked Salt Typhoon group, which raised concerns about the growing risk.
Salt Typhoon, a Chinese cyber espionage group, has been identified as a major threat targeting telecom providers globally.
It first gained attention after breaching U.S. telecommunications firms and was later found to be targeting providers in several countries, including the U.K., South Africa, and Italy. This group is known for using sophisticated tactics such as exploiting vulnerabilities in Cisco devices and using custom-built tools like JumbledPath to maintain persistent access. Salt Typhoon has primarily targeted telecoms for intelligence gathering, focusing on intercepting communications and exfiltrating large amounts of data from compromised systems.
The Danish agency’s threat assessment highlights that state-sponsored hackers aim to monitor communications, track individual movements, and gain access to valuable user data through these breaches. Cyber espionage against telecom providers is particularly concerning because of the wealth of sensitive information involved, such as customer usage data and personal details. These breaches not only pose a risk to privacy but also to national security, as they enable attackers to conduct surveillance and gather intelligence from affected countries. The Danish government has urged telecom providers to bolster their defenses against these targeted attacks.
The ongoing Salt Typhoon campaign is part of a broader pattern of state-sponsored cyber espionage aimed at telecoms. Similar campaigns, including attacks by other Chinese-linked groups like Light Basin, have been observed targeting global telecom infrastructure for years. These campaigns demonstrate advanced technical knowledge of telecom network protocols, with some actors employing specialized malware designed to control networks and access calling records.
Reference: