US government says Salt Typhoon still lurks on telecom networks and shares some top tips to stay protected
- A few months ago, Chinese state-sponsored actors were observed on IT networks of ISPs, telecom companies and more
- Since then, the companies have been working hard to clean up their infrastructure
- Salt Typhoon still lurks, CISA warns, as it shares guidance on how to defend
The US Cybersecurity and Infrastructure Security Agency (CISA) believes that Salt Typhoon, the Chinese state-sponsored threat actor spotted months ago in telecommunications giants’ networks, is still lurking and has not yet been fully eradicated. To help organizations address this important threat, the agency released in-depth guidance earlier this week.
Salt Typhoon is a well-known hacker collective on the payroll of the Chinese government. It is mainly concerned with cyber espionage and targets important entities and figures in the West, with info stealers and similar malware.
It is part of a wider campaign that includes a number of other ‘typhoons’ (Flax Typhoon, Volt Typhoon and Brass Typhoon) and that aims not only to steal information but also to disrupt critical infrastructure.
Strengthening the network
For months, cybersecurity experts, government agents and the media have been reporting on Salt Typhoon’s attacks on internet service providers, telecommunications companies and similar companies. The targets have been working hard to clean up their IT systems, but CISA says there is still work to be done.
The agency first suggests that telecom companies strengthen their network visibility, with a focus on monitoring, detecting and understanding network activity. The report then discusses securing systems and devices through protocols, management processes and access controls. Finally, it covers incident reporting and provides detailed contact information for reporting cybersecurity incidents in the US, Australia, Canada and New Zealand.
Software manufacturers should build in security principles during development, CISA concluded, advocating secure-by-design configurations, which should reduce reliance on customer hardening.
“Software manufacturers should prioritize secure design configurations to eliminate the need for customer implementation of more stringent guidelines,” the report said. “In addition, customers must demand that the software they purchase is secure.”
For any organization concerned about being targeted by Salt Typhoon (or any other Typhoon), CISA’s guidelines are a must-read.