What is Salt Typhoon, the China-linked cyberattack shaking US telecom?

US authorities said the operation aimed to give Chinese actors persistent access to American telecom networks by exploiting vulnerabilities in devices such as routers and switches

In what has been described as the most significant telecom hack in history, a cyberattack linked to the Chinese government has disrupted the US telecommunications network in recent weeks, prompting serious warnings from American officials. The attack, attributed to a group of Chinese hackers identified as Salt Typhoon, reportedly began as early as 2022.

 

According to US authorities, the operation aimed to give Chinese actors persistent access to American telecom networks by exploiting vulnerabilities in devices such as routers and switches operated by major firms like AT&T, Verizon, and Lumen.

 

US Senator Mark Warner, chair of the Senate Intelligence Committee, described the incident as the most significant telecom hack in US history. He compared it to prior Russian cyber intrusions, stating they pale in comparison to this incident, which he likened to child’s play.

 

This breach came amid intensified efforts by the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency to assist telecom providers in mitigating compromises linked to China. Earlier attacks targeted individuals in Washington involved in political or governmental roles, including candidates in the 2024 presidential election.

 

How extensive is the Salt Typhoon breach?

 

Salt Typhoon exploited technical vulnerabilities in cybersecurity products, including firewalls designed to protect large organisations. Once inside targeted networks, attackers used conventional tools and techniques to extend their reach, extract data, remain undetected, and plant malware for future use.

 

The FBI reported that the breach enabled Chinese entities to collect extensive records, including details of who communicated with whom, when, and where. In some instances, attackers reportedly accessed the contents of phone calls and text messages.

 

Salt Typhoon also infiltrated private backdoors provided by telecom companies for law enforcement surveillance. These same portals are used by US intelligence agencies to monitor foreign targets on American soil. The breach may have allowed attackers to identify Chinese agents or informants under surveillance, enabling them to evade detection.

 

How did Salt Typhoon affect global operations?

 

Salt Typhoon’s activities have not been confined to the US. Research from cybersecurity firm Trend Micro, cited by The Conversation, indicates that the group has compromised critical infrastructure worldwide in recent years. US officials have confirmed these findings, heightening concerns over the global implications of the attacks.

 

As with previous accusations of cyber espionage, Chinese officials have denied involvement in the Salt Typhoon operation, rejecting claims of orchestrating cyberattacks targeting the US or other nations.

 

Meanwhile, cybersecurity experts quoted by various media outlets believe the scale and sophistication of the attack expose vulnerabilities that many organisations continue to face. Limited resources, poor security practices, and overly complex IT systems often hinder companies’ ability to monitor and protect their networks adequately.

 

Global response to the Chinese cyberattack

 

On December 3, cybersecurity agencies from the US, Canada, Australia, New Zealand, and the United Kingdom issued joint guidance to address the Salt Typhoon breach. Their report, titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure, outlined recommended practices for organisations to mitigate the impact of this and future attacks. Specific measures to secure targeted Cisco products were included.

 

Despite months of investigations, US officials and affected companies have yet to fully determine the scale of the breach or eliminate the attackers from compromised systems.

 

Strengthening cyber defences is crucial

 

US authorities said Salt Typhoon’s infiltration methods stemmed largely from known weaknesses in existing infrastructure. Experts warned that organisations must adopt basic cybersecurity measures to prevent such attacks, particularly as global dependence on interconnected systems grows.

 

In addition to following the guidance issued by CISA, companies are urged to remain alert to evolving threats. Consulting threat intelligence feeds and professional networks can provide insights into new tactics and countermeasures. Adequate funding and staffing of IT and cybersecurity departments are also essential to safeguard critical infrastructure.

 

How can individuals protect themselves?

 

While the Salt Typhoon attack raises serious national security concerns, its implications for individual Americans remain limited, authorities say. Most personal communications are unlikely to interest foreign actors. However, experts have cautioned that individuals can enhance their privacy by using end-to-end encrypted messaging apps like Signal, FaceTime, or iMessage.

 

Avoiding default passwords on devices and enabling two-factor authentication for important accounts are also effective measures to strengthen security.

 

(With agency inputs)