Chinese hacker group 'Salt Typhoon' may have infiltrated law enforcement agencies' wiretapping systems via ISPs



The Wall Street Journal has reported that Salt Typhoon, a nation-state threat actor backed by the Chinese government, may have infiltrated a U.S. internet service provider (ISP) and accessed communications interception systems used by law enforcement agencies for legitimate investigations.

Exclusive | US Wiretap Systems Targeted in China-Linked Hack - WSJ

https://www.wsj.com/tech/cybersecurity/us-wiretap-systems-targeted-in-china-linked-hack-327fc63b

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
https://securityaffairs.com/169460/apt/salt-typhoon-hacked-us-broadband-providers.html

Salt Typhoon, also known as 'FamousSparrow' and 'GhostEmperor,' is a Chinese advanced persistent threat (APT) group that was found to have infiltrated networks through routers and hidden in multiple ISPs in September 2024.

Chinese government hacker 'Salt Typhoon' found to have infiltrated multiple Internet providers - GIGAZINE



The Wall Street Journal has now revealed that Salt Typhoon may have accessed surveillance systems used by US law enforcement for criminal and national security investigations via ISP networks.

Under U.S. law, telecommunications and broadband companies must cooperate with law enforcement requests, with court approval, to intercept Internet communications - a practice known as 'lawful wiretapping.'

A source familiar with the matter told The Wall Street Journal, 'The hackers may have had access to network infrastructure used to assist with lawful requests for U.S. communications data for several months or more, posing a significant national security risk.'



According to sources, Salt Typhoon may have had access not only to investigative systems but also to more general internet traffic.

Verizon Communications, AT&T and Lumen Technologies were named among the ISPs affected by the breach. Spokespeople for all three companies did not respond to media requests for comment on the incident.

Generally, companies are required to promptly report and disclose any significant cyberattacks to financial regulators, but 'there are cases where they are exempt from disclosure for national security reasons,' The Wall Street Journal noted.



It was unclear at the time of writing whether systems supporting the monitoring of foreign intelligence activities were also exposed to Salt Typhoon attacks.

'It will take time to determine the extent of this incident, but it is the most significant in a long series of warnings about how China has stepped up its cyber attacks and it is something that businesses and governments absolutely need to take seriously,' said Brandon Wales, a vice president at security firm SentinelOne and a former executive at the Cybersecurity and Infrastructure Security Agency.

in Web Service, Security, Posted by log1l_ks