Chinese hackers have reportedly broken into multiple internet service providers in the United States and are abusing their position to steal sensitive information and lay the groundwork for future attacks.
A report by the Wall Street Journal, citing “people familiar with the matter,” did not name the compromised ISPs but said there were a “handful” of victims and that the group behind the breaches has been named Salt Typhoon.
Given its name, Salt Typhoon was quickly associated with other Chinese state-sponsored groups, all of which Microsoft referred to as “Typhoon”: Flax Typhoon, Volt Typhoon, and Brass Typhoon.
Paralyzing the American response
While these groups focus on different things and target different victims, the goal appears to be the same: steal sensitive information and disrupt critical infrastructure organizations in the U.S. These groups are reportedly working together to help the Chinese government achieve its geopolitical goals, including a potential invasion of Taiwan.
At the same time, Jeff Greene, Executive Assistant Director for Cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told The Register that the agency is aware of the reports of compromised ISPs, and essentially said it’s business as usual, as China is known for these types of stunts:
“CISA and our partners continue to highlight the risk posed by Chinese state-sponsored cyber actors, who have compromised IT environments across multiple critical infrastructure sectors and organizations,” he said in a statement.
“We encourage all organisations to read our latest advice and guidance, including our joint Cybersecurity Advisory on identifying and mitigating living off the land techniques, and take action where necessary.”
Via The Register