Multiple US-based broadband service providers, including Verizon, AT&T, and Lumen Technologies, have reportedly been breached by Salt Typhoon, a Chinese hacking group. It’s unclear when the intrusion happened, but the purpose of the attacks seems to be intelligence collection.
The intrusions were first reported by The Wall Street Journal, which added that the incident is being investigated by US authorities as well as private security experts. People with information on the breach claim that the extent of the attack, including the amount and type of data the hackers saw and stole, is currently unknown.
That said, the hackers seem to have “engaged in a vast collection of internet traffic” from these service providers, whose customers include small and large businesses and millions of Americans. To make matters worse, investigators believe that the hackers might have had access to “network infrastructure used to cooperate with lawful US requests for communications data” for several months.
How the hackers entered the targeted systems is still a mystery. One avenue of attack that is currently being investigated is a breach in Cisco routers. However, a Cisco spokesperson told The Wall Street Journal that while the company is looking into the matter, there is no indication of the networking company’s routers being the source of the breach. BleepingComputer reports that AT&T and Lumen declined to comment, while Verizon has been unresponsive.
US broadband providers aren’t the only victims of Salt Typhoon, either. Researchers have also discovered that hotels, law firms, and engineering companies have been attacked in multiple countries, including Brazil, Burkina Faso, Canada, France, Guatemala, Israel, Lithuania, Saudi Arabia, South Africa, Taiwan, Thailand, and the United Kingdom.
Salt Typhoon was given its current name by Microsoft, but it’s tracked by several other security companies, including Trend Micro, Kaspersky, ESET, and Mandiant, which all have their own monikers for the hacking group. It has been active since at least 2019 and focuses on government entities and telecom companies, although the targets are usually in Southeast Asia.