Background
Salt Typhoon, an Advanced Persistent Threat (APT) operation linked to the Chinese government, is associated with cyberespionage targeting vital industries such as telecommunications, government agencies, and critical infrastructure worldwide. Also known as APT41, this group has a dual focus on espionage and financial gain, making it one of the most dangerous and adaptable APT groups yet. Backed by the Chinese state, Salt Typhoon uses cyberwarfare to safeguard China’s political, economic, and espionage interests. The group employs advanced offensive techniques, exploiting vulnerabilities in internet service providers (ISPs), software supply chains, and telecommunications networks to infiltrate critical systems. Once inside, it relies on lateral movement, traffic monitoring, and credential theft to ensure long-term access.
Operating on a global scale, Salt Typhoon has targeted industries like telecom, healthcare, and technology in North America, Europe, Asia, and Africa. Its international reach underlines the strategic importance of the sectors it focuses on, with telecom companies like AT&T and Verizon among its most notable victims. Beyond data theft, the group is also known to alter information, a tactic that raises the stakes of its cyberattacks.
Persistent Cyber Espionage
US authorities have linked Salt Typhoon to several significant hacks, including breaches of healthcare and banking networks. Most recently, it was revealed that the group compromised at least three major US broadband providers, including Verizon, AT&T, and Lumen. While the full extent of the breach is still under investigation, Salt Typhoon’s activities are believed to be part of a broader espionage effort to uncover Chinese subjects under US surveillance. According to US intelligence, the operation was coordinated by China’s Ministry of State Security (MSS), which has been gathering intelligence through cyberattacks on US networks. This revelation comes amidst ongoing tensions between Beijing and Washington, with the US administration viewing China as its most significant geopolitical rival, particularly in areas like economic dominance and military power.
China’s Usual Denial
China has vehemently denied these allegations. Liu Pengyu, a representative of the Chinese Consulate in Washington, accused the US of fabricating evidence to justify increased cybersecurity funding. Liu argued that China is itself frequently a target of cyberattacks, turning the narrative back on the US and its cybersecurity apparatus. Despite these denials, substantial evidence links Salt Typhoon to state-sponsored espionage efforts. If the group successfully accessed lists of federal surveillance targets or intercepted sensitive communications, it could compromise domestic criminal investigations and critical national security efforts. China has long engaged in technological and commercial espionage, mainly targeting the US and Western democracies. Over the years, Chinese hackers have penetrated critical infrastructure in the US, including power grids and water systems, potentially preparing for more destructive attacks in the event of heightened conflict between the two nations.
Salt Typhoon’s recent operations are separate from the attacks carried out by another Chinese APT group, Volt Typhoon, which the US alleges is affiliated with the Chinese People’s Liberation Army (PLA). Volt Typhoon attacked at least a dozen critical US infrastructure systems, including utilities that provide water and electricity, and US officials have found no evidence linking the two groups.
Are Cybersecurity Frameworks Effective Enough?
Verizon, one of the largest US ISPs, has been heavily affected by Salt Typhoon’s infiltration. The company has reportedly established a “war room” in Ashburn, Virginia, with officials from Google’s Mandiant, Microsoft, and the FBI working together to address the breach. The hackers were able to modify Cisco routers to exfiltrate data from Verizon’s network, a feat that demonstrates the group’s skill in operating undetected for months. Salt Typhoon’s ability to retain access to US telecom networks for extended periods raises questions about the effectiveness of even highly secure systems. It also highlights the challenge of detecting and neutralising advanced persistent threats in real time.
The Salt Typhoon attack on US telecom infrastructure underscores cybersecurity’s critical role in protecting national security and maintaining government operations. If hackers can compromise telecom networks, they can manipulate data, disrupt investigations, and intercept crucial communications. This threatens not only law enforcement efforts but also citizens’ privacy rights. Moreover, Salt Typhoon’s prolonged access to these networks shows the difficulty in identifying and stopping APTs. It is a stark reminder that even secure systems are vulnerable, emphasising the need for nations to invest in more robust cybersecurity defences and detection technologies.
Cybersecurity is no longer just a technical issue but a crucial element of national security awareness. Governments must secure their networks and foster international cooperation and public-private partnerships to protect critical infrastructure. Companies like Verizon and AT&T play an essential role in safeguarding the systems that underpin governmental and economic functions, making their security posture a matter of national concern.