Salt Typhoon Hacks Expose US Telecom; Government Steps up Response

By Anthony Kimery

The Department of Homeland Security’s (DHS) Chief Information Officer reportedly issued internal guidance Friday to all employees informing them to use only DHS-assigned devices for official work. The advisory was sent as a government-wide investigation continues into a breach of US telecommunications infrastructure widely believed to have been carried out by the Chinese government-linked hacking collective known as Salt Typhoon.

In the email, DHS CIO Eric Hysen encouraged DHS employees to prioritize Microsoft Teams for communication when possible and to be cautious about using phone calls and SMS. The advisory follows extensive Chinese infiltration into multiple telecommunications firms involved in court-authorized wiretaps by Salt Typhoon. However, the email did not directly reference Salt Typhoon or its recent activities.

The Wall Street Journal recently reported that the Consumer Financial Protection Bureau’s Office of the Chief Information Officer also had advised its staff to avoid using phones for work matters, though the agency clarified it was not affected by the breach.

On Thursday, members of the US Intelligence Community conducted a classified briefing for House oversight committees on the breaches. A briefing for Senate members is expected this week. The Senate Select Committee on Intelligence reportedly has already been receiving frequent updates.

Salt Typhoon, also known by aliases such as Ghost Emperor, Famous Sparrow, and UNC2286, is an advanced persistent threat group attributed to the Chinese government. Active since at least 2020, the group has garnered attention for its focus on cyberespionage, particularly targeting US law enforcement, intelligence agencies, and their supporting telecommunications networks. Salt Typhoon’s operations reflect a methodical and long-term approach to intelligence gathering, creating serious implications for national security, especially in terms of law enforcement communications and intelligence community operations.

Salt Typhoon has demonstrated the ability to compromise major US telecommunications providers such as AT&T, Lumen, and Verizon, it has been reported, all of which provide critical infrastructure for government agencies, including systems supporting court-ordered wiretaps. By infiltrating these communications channels, Salt Typhoon can potentially intercept sensitive communications, including wiretaps and calls involving law enforcement investigations and potentially compromising vast amounts of personal and sensitive information. This access could also undermine the confidentiality of ongoing law enforcement, intelligence collection, and counterintelligence operations and investigations and compromise evidence integrity.

Salt Typhoon’s infiltration of telecommunications networks provides an opportunity to monitor communications of high-value targets, such as senior government officials, intelligence officers, and diplomats. Indeed. Reports indicate that the group accessed unencrypted communications of senior US officials, including those affiliated with presidential campaigns. Notably, they targeted the phones of President-elect Donald Trump, Vice President-elect J.D. Vance, members of former Democratic presidential candidate Vice President Kamala Harris’s campaign staff, and the staff of Senate Majority Leader Chuck Schumer.

The ability to eavesdrop on such individuals potentially gives the Chinese-backed hacking group insight into sensitive matters, from internal policy discussions to intelligence on US allies and partners. Such data is especially valuable for understanding US geopolitical strategy and operational priorities. This level of intelligence is highly prized by the Chinese government – as well as other hostile foreign governments – because of its value in shaping strategic, diplomatic, and economic policies and operational planning.

Penetrating telecom systems greatly increases the risk of counterintelligence failures by giving Salt Typhoon access to extensive data on US intelligence operations and counterintelligence tactics. Access to such data could expose US intelligence strategies, tactics, and methods, leading to more effective countermeasures by China. This could also weaken US efforts to track or thwart foreign intelligence operations within its borders, potentially exposing undercover operations, informants, and sources.

Salt Typhoon’s infiltration of telecommunications companies linked to the Communications Assistance for Law Enforcement Act (CALEA) systems is particularly concerning. The 30-year-old CALEA requires telecom companies to engineer their systems to allow lawful wiretaps. By accessing this infrastructure, Salt Typhoon may circumvent legal protections and directly monitor US citizens or other lawful surveillance targets without detection. This threatens the integrity of US law enforcement’s surveillance abilities and raises concerns about a foreign power accessing private communications between American citizens.

The hacking collective’s prolonged access to US telecom systems could also erode trust in the security of these networks. For example, if the public becomes aware that private and potentially sensitive communications are vulnerable to foreign interception, it could undermine trust in digital communications and in US security protocols. This would not only impact the telecom sector, but it also would shake confidence in US critical infrastructure’s resilience to foreign threats.

In response to these breaches, federal agencies have initiated comprehensive investigations and mitigation efforts. In October, DHS’s Cyber Safety Review Board (CSRB) launched an investigation into the Salt Typhoon attacks, aiming to assess the extent of the breaches and to develop strategies to prevent future incidents. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) also issued advisories to critical infrastructure sectors emphasizing the need for enhanced security measures and vigilance against potential threats from state-sponsored actors like Salt Typhoon.

CISA and the FBI stated at the time that “Agencies across the US government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector.”

DHS had previously confirmed that CSRB would lead an investigation into the breach, and that a Unified Coordination Group had been established to conduct a full-scale government response to the incident.

These concerted efforts underscore the US government’s commitment to addressing the challenges posed by sophisticated cyber adversaries and to safeguarding national security interests.

A source familiar with Salt Typhoon is reported having said the Salt Typhoon collective is “exceptionally skilled,” with members who are both highly capable and patient. The source, who spoke on the condition of anonymity, noted that the compromised telecom data is valuable intelligence that any adversarial nation-state would seek to access.

It remains unclear whether other surveillance systems, such as those authorized and governed by the Foreign Intelligence Surveillance Act were also breached. Data from these networks could offer Beijing insights into US intelligence operations overseas.

“If you want to know what diplomats are thinking, it’s in their email, it’s in their texts. And that’s the kind of stuff that I think people have always targeted,” said Kevin Mandia, founder of the threat intelligence firm Mandiant.

This isn’t exactly true, however, as US diplomats generally convey their thoughts about their foreign counterparts and foreign leaders in cables transmitted via classified communications channels.

Former National Security Agency director, retired Army Gen. Paul Nakasone, said in a recent interview that the breach is “really concerning … The scope and the scale of allegedly being in American telecommunications companies — that’s a different ballgame. I think the follow-on question now is, okay, what are we doing about it?”

The breach has raised questions about security standards mandated by the 30-year-old Communications Assistance for Law Enforcement Act (CALEA), which requires carriers to build their systems to allow wiretapping by law enforcement.

Currently, the Federal Communications Commission allows companies to develop their own compliance solutions or to rely on third parties to ensure CALEA adherence. Some cybersecurity experts suggest it may be time to update these standards.

The DHS’s recent advisories, along with investigative actions by the FBI and the Cyber Safety Review Board, underscore the federal response to mitigate Salt Typhoon’s threat. However, the collective’s sophistication highlights potential gaps in existing US security frameworks, especially concerning CALEA compliance and telecom infrastructure protections. The recent advisories recommending minimal use of phones and SMS for official communications among federal employees also reveal a temporary, reactive approach in response to Salt Typhoon’s infiltration.

The Salt Typhoon attacks almost necessitate a reassessment of US telecommunications security standards and national security protocols. Regarding CALEA, it may need to be strengthened to better secure telecom systems. Establishing stricter standards for telecom companies’ security, perhaps requiring periodic audits and advanced cyber defenses, could improve resilience against foreign intrusion.

Given the high-stakes nature of lawful wiretaps, future protocols also could include more robust encryption, decentralized data access, and more rigorous access controls within telecom companies to prevent unauthorized access by foreign actors.

Because the telecom infrastructure is largely operated by private entities, enhanced collaboration between federal agencies and telecom providers will be essential. Coordinated efforts on cybersecurity protocols, threat intelligence sharing, and joint-response planning could significantly reduce the impact of future attacks.

Strengthening counterintelligence measures to detect and thwart similar infiltrations by foreign APTs also is critical. Establishing a federal task force focused on telecommunications infrastructure could ensure a more proactive approach to preventing future breaches.

Salt Typhoon clearly poses a severe and complex threat to the US telecommunications infrastructure, especially impacting law enforcement and intelligence operations. The ability to infiltrate telecom systems not only compromises national security but also exposes critical vulnerabilities in US cybersecurity frameworks. With this group’s advanced capabilities and patient approach, addressing their activities requires a proactive, collaborative, and multi-layered response to strengthen telecommunications security, enhance operational protocols, and safeguard the US against future adversarial intrusions.

Source: Biometric Update

Become a Patron!
Or support us at SubscribeStar
Donate cryptocurrency HERE

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on Telegram, HIVE, Minds, MeWe, Twitter – X  and Gab.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.


Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

Be the first to comment on "Salt Typhoon Hacks Expose US Telecom; Government Steps up Response"

Leave a comment