China's Salt Typhoon Hack: 200+ US Companies Targeted - FBI

Chinese Hacking Campaign Expands Significantly
A hacking operation financially supported by Chinese entities, initially identified as having compromised nine U.S. telecommunications and internet service providers, has now affected at least 200 American companies, according to the FBI’s leading cybersecurity official.
Brett Leatherman, Assistant Director at the FBI, disclosed to The Washington Post that the hacking group, known as Salt Typhoon, has also successfully breached organizations in 80 nations. This marks the first official acknowledgement of the campaign’s extensive global reach.
Affected Companies and Initial Breaches
While a comprehensive list of compromised entities remains undisclosed, previous reports confirmed breaches at AT&T, Verizon, and Lumen. Further investigation revealed that Charter Communications and Windstream were also among the victims.
Focus of the Espionage Effort
The primary objective of the hackers centered on acquiring call detail records pertaining to prominent U.S. political figures and government officials. This allowed them to construct a network map illustrating communication patterns and identify individuals subject to U.S. surveillance under legal authorization.
Due to the severity of the threat, the FBI previously recommended that U.S. citizens switch to end-to-end encrypted messaging applications to protect their communications from unauthorized access.
Technical Details and International Response
In a joint advisory [PDF] released on Wednesday, the FBI and nearly two dozen international cybersecurity agencies detailed Salt Typhoon’s tactics. The group predominantly targets company routers to intercept and extract sensitive network data.
The advisory also provides specific technical guidance to assist organizations in detecting and mitigating potential intrusions.
Ongoing Threat
Leatherman emphasized to the Post that the threat originating from China remains “ongoing,” indicating a continued and active cybersecurity risk.