Salt Typhoon attacks may have hit more US businesses than previously thought


  • More Salt Typhoon Attack Victims Revealed by WSJ
  • The extent of the damage caused by the attack is still unknown
  • Some telecom providers have removed the attackers from their systems

The recent Salt Typhoon cyber attacks may have affected more telecommunications providers than previously thought, with Charter Communications, Consolidated Communications and Windstream now all believed to have been affected as well.

The new list of victims comes from a new report by the Wall Street Journal, which quoted people familiar with the matter.

The attack also exploited Fortinet network devices that did not have up-to-date security software installed, as well as vulnerable major Cisco network routers.

The attack may have started in 2023

The attack on US telecom providers was first disclosed in a joint statement by the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) on October 25, 2024, but according to the WSJ report, the attack is believed to have begun as early as fall 2023, around the same time that US National Security Advisor Jake Sullivan was briefing telecom and technology executives on the depth and breadth of Chinese penetration of US critical infrastructure.

It is now known that Salt Typhoon successfully breached the networks of AT&T, Verizon, Lumen Technologies and T-Mobile during the attack, but little is known about what data the China-affiliated group had access to.

Both Lumen and T-Mobile have said they have successfully prevented the group from accessing sensitive customer information, with Verizon confirming that the data of a limited number of high-profile individuals involved in politics were targeted in attacks.

Salt Typhoon also gained access to a “legal intercept channel” used by law enforcement agencies to conduct court-ordered wiretaps for national security purposes. China has repeatedly denied any involvement in the attacks and accused the US of spreading misinformation. China went so far as to label Volt Typhoon, a similar group believed to have ties to Beijing, as a CIA asset designed to discredit US rivals across the Pacific.

Neither Fortinet nor Cisco commented on the WSJ report, but both organizations have been in the crosshairs of cyberattacks from a range of cybercriminal groups.

Network routers with outdated firmware have been a favorite target for years as a first entry point for attackers and botnets. Fortinet has also suffered a wave of attacks on its Windows VPN service and FortiGate VPN systems.
