Chinese hackers have allegedly broken into multiple internet service providers (ISP) in the United States, and are using their position to steal sensitive information and lay the groundwork for future attacks.
An investigation by the Wall Street Journal, which cited “people familiar with the matter”, did not name the compromised ISPs, but did mention there has been a “handful” of victims, and that the group behind the intrusions has been dubbed Salt Typhoon.
Given the name, Salt Typhoon has quickly been linked to other Chinese state-sponsored groups, all of which Microsoft named ‘typhoon’ – Flax Typhoon, Volt Typhoon, and Brass Typhoon.
Crippling the US response
While these groups focus on different things, and target different victims, the goal seems to be the same – to steal sensitive information, and disrupt critical infrastructure organizations in the US. These groups are reportedly working in coordination to assist the Chinese government in achieving its geo-political goals, including a possible invasion of Taiwan.
At the same time, US Cybersecurity and Infrastructure Security Agency (CISA) Executive Assistant Director for Cybersecurity, Jeff Greene, told The Register that the agency is aware of the reports of compromised ISPs, and basically said it’s business as usual, since China is known for pulling these kinds of stunts:
“CISA and our partners continue to emphasize the risk posed by PRC state-sponsored cyber actors, who have compromised the IT environments across multiple critical infrastructure sectors and organizations,” he said in a statement.
“We encourage all organizations to review our latest advisories and guidance, to include our joint Cybersecurity Advisory on identifying and mitigating living off the land techniques, and take action, as appropriate.”
Via The Register