Salt Typhoon attacks may have hit more US firms than previously thought


  • More victims of Salt Typhoon attack unveiled by WSJ
  • The extent of the damage caused by the attack is still unknown
  • Some telecoms providers have removed the attackers from their systems

The recent Salt Typhoon cyberattacks may have breached more telecommunications providers than previously thought, with Charter Communications, Consolidated Communications, and Windstream all now believed to also have been affected.

The fresh list of victims comes from a new report by the Wall Street Journal, which cited people familiar with the matter.

The attack also exploited Fortinet network devices that did not have up-to-date security software installed, as well as vulnerable large Cisco network routers.

Attack may have started in 2023

The attack against US telecoms providers was first publicized in a joint statement by the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) on October 25, 2024. However, the WSJ report states the attack is believed to have started as far back as fall of 2023, around the same time US National Security Advisor Jake Sullivan was briefing telecom and tech executives on the depth and breadth of Chinese penetration into US critical infrastructure.

Salt Typhoon is now known to have successfully breached the networks of AT&T and Verizon in the attack, but little is known about what data the China-affiliated group was able to access.

Both Lumen and T-Mobile were also targeted during the attack, but both companies have said that they successfully stopped attackers from accessing sensitive customer information. Verizon confirmed that the data of a limited number of high-profile individuals involved in politics was targeted in attacks.

Salt Typhoon also gained access to a ‘lawful interception’ channel used by law enforcement agencies to perform court-ordered wiretaps for national security purposes. China has repeatedly denied any involvement in the attacks and accused the US of spreading misinformation. China even went so far as to label Volt Typhoon, a similar group believed to be associated with Beijing, as a CIA asset set up to discredit the US’ rivals across the Pacific.

Neither Fortinet nor Cisco commented on the WSJ report, but both organizations have been in the crosshairs of cyberattacks from a range of cybercriminal groups.

Network routers with outdated firmware have been a favorite target as an initial access point for attackers and botnets for several years. Fortinet has also experienced a spate of attacks on its Windows VPN service and FortiGate VPN systems.


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
