Update:  apparently Salt Typhoon got in through the Lawful Intercept systems at ISPs.

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=byoB7m

Some of you probably already knew, but was news to me…

-george 

Sent from my iPhone

On Sep 25, 2024, at 11:46 AM, Sean Donelan <sean@donelan.com> wrote:

Wall Street Journal out with an 'exclusive' article.

This is apparently different than the other *-Typhoon groups (or whatever your favorite threat intelligence provider calls them). I don't know why the *-Typhoon groups would limit their intrusions to only U.S. ISPs. Broadband ISPs in other countries may have similar issues.

China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack

https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835


Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.

The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.