WSJ: China-Linked Hackers Breach U.S. ISPs in New "Salt Typhoon" attack
Wall Street Journal out with an 'exclusive' article.
This is apparently different than the other *-Typhoon groups (or whatever your favorite threat intelligence provider calls them). I don't know why the *-Typhoon groups would limit their intrusions to only U.S. ISPs. Broadband ISPs in other countries may have similar issues.
China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack
https://www.wsj.com/politics/national-security/china-cyberattack-internet-pr...
Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.
The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.
In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.
Update: apparently Salt Typhoon got in through the Lawful Intercept systems at ISPs.
https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china...
Some of you probably already knew, but was news to me…
-george
Sent from my iPhone
On Sep 25, 2024, at 11:46 AM, Sean Donelan <sean@donelan.com> wrote:
Wall Street Journal out with an 'exclusive' article.
This is apparently different than the other *-Typhoon groups (or whatever your favorite threat intelligence provider calls them). I don't know why the *-Typhoon groups would limit their intrusions to only U.S. ISPs. Broadband ISPs in other countries may have similar issues.
China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack
https://www.wsj.com/politics/national-security/china-cyberattack-internet-pr...
Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.
The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.
In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.
participants (2)
- George Herbert
- Sean Donelan