Home China-linked Salt Typhoon spies are still in U.S. telecoms network, agencies reveal

China-linked Salt Typhoon spies are still in U.S. telecoms network, agencies reveal

TLDR

  • China-linked "Salt Typhoon" hackers remain in U.S. telecom networks despite investigations.
  • CISA, FBI, and NSA issue joint guidance to secure critical infrastructure and telecoms.
  • Hackers reportedly intercepted calls and texts; removal timeline remains uncertain.

China-linked spies continue to infiltrate U.S. telecommunications networks, with their presence still detected nearly six months after American officials launched an investigation into the breaches, senior officials reported on Tuesday (Dec. 3).

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners have now released a joint guide detailing best practices to defend against an alleged threat actor affiliated with the People’s Republic of China (PRC) that has infiltrated the networks of major global telecommunications providers.

This marks the first official confirmation from U.S. authorities that Salt Typhoon hackers continue to maintain access to critical infrastructure, posing significant challenges in efforts to remove them. In November, CISA and the FBI issued a warning about these threat actors.

CISA Executive Assistant Director for Cybersecurity Jeff Greene said in a joint statement: “The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses.”

He encouraged software manufacturers to integrate the principles outlined in the guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, into their development processes to enhance the security of their customers’ systems.

FBI’s Cyber Division Assistant Director, Bryan Vorndran, reiterated the comments, adding: “We strongly encourage organizations to review and implement the recommended measures in this guide and to report suspicious activity to their local FBI field office.”

The guide outlines fundamental steps such as maintaining activity logs on the network, keeping an inventory of all devices within the telecom environment, and updating any default equipment passwords. For now, officials recommend that government employees use encrypted services for phone calls and text messages.

Salt Typhoon hack

An official noted that most individuals affected by this extensive surveillance are believed to be located in the D.C. metro area. Politico previously reported that up to 80 telecommunications and internet service providers might have been impacted by the widespread hack. Some of these reportedly include AT&T, Verizon, and Lumen, among others, while T-Mobile said it was targeted but largely repelled the attackers.

In a limited number of targeted cases, Salt Typhoon specifically sought to intercept text messages and eavesdrop on phone calls from certain individuals. FBI and CISA officials acknowledge they do not yet have a timeline for when U.S. telecom providers will completely remove Salt Typhoon from their networks.

In February, ReadWrite reported CISA revealed that China-backed hackers had been infiltrating major U.S. critical infrastructure sectors for “at least five years.” Volt Typhoon had systematically targeted and gained prolonged access to networks within critical sectors, including water, transportation, energy, and communications.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech, gambling and blockchain industries for major developments, new product and brand launches, AI breakthroughs, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.