Chinese government hacking group 'Salt Typhoon' has infiltrated multiple internet providers



A new group of Chinese government hackers known as 'Salt Typhoon,' which had not been publicly identified until now, has infiltrated several U.S. internet service providers (ISPs) and is likely attempting to steal sensitive information by accessing routers that control traffic, The Wall Street Journal (WSJ) reported.

Exclusive | Chinese-Linked Hackers Breach US Internet Providers in New 'Salt Typhoon' Cyberattack - WSJ

https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835

On September 25, 2024, the WSJ reported that Salt Typhoon, a hacking group with ties to the Chinese government, had been infiltrating several U.S. ISPs for months in search of classified information, according to people familiar with the matter.

According to sources, investigators are currently examining the possibility that Salt Typhoon may have accessed Cisco Systems routers, a core component that routes much of ISP traffic.

A Cisco spokesperson confirmed that the company was investigating the matter, but said, 'To date, we have no indication that Cisco routers were involved in Salt Typhoon activity.'



The reports of Salt Typhoon are the latest in a series of attacks by Chinese nation-state threat actors around the world, particularly in the United States, where there is growing conflict with the Chinese government.

Nation-state actors are given names related to natural disasters and meteorological phenomena, such as Blizzard for Russia, Sleet for North Korea, and Sandstorm for Iran. Since the beginning of 2024, there have been a series of reports of threat actors with 'Typhoon' in their names, which indicates the involvement of the Chinese government.

On September 18, 2024, FBI Director Christopher Wray announced that the FBI had discovered that Flax Typhoon, a threat actor backed by the Chinese government, had infected more than 260,000 routers, modems, IP cameras, and other devices with malware, building a massive bot network known as 'Raptor Train.'

FBI destroys Chinese botnet 'Raptor Train' that infected 260,000 routers and network cameras with malware - GIGAZINE



In 2023, another Chinese government-affiliated threat actor known as Volt Typhoon was also found to have infiltrated thousands of network devices, mainly SOHO routers, and authorities announced in January 2024 that they had successfully dismantled the bot network built by Volt Typhoon.

FBI announces successful dismantling of Chinese government-backed hacking group 'Volt Typhoon' cyber attack botnet - GIGAZINE



The specific identity of Salt Typhoon has not yet been revealed, but based on its targeted activities and operational style, it is believed to be a group affiliated with the Chinese Ministry of State Security that is also known as APT40.

Glenn Gerstell, a former adviser to the National Security Agency (NSA), noted that the Salt Typhoon attack seems bold in light of previous major breaches by Chinese hacking groups. 'This is disturbing, but not surprising,' he told the WSJ. 'China is expanding its use of cyberattacks to gain an advantage over the United States.'

in Security, Posted by log1l_ks