US Government says Salt Typhoon still lurks on telecoms networks, shares some top tips to stay protected

  • A few months ago, Chinese state-sponsored actors were observed on the IT networks of ISPs, telcos, and more
  • Since then, the companies have worked hard on cleaning up their infrastructure
  • Salt Typhoon still lurks, CISA warns, as it shares defensive guidelines

The US Cybersecurity and Infrastructure Security Agency (CISA) believes Salt Typhoon, the Chinese state-sponsored threat actor that was spotted in telecommunications giants’ networks months ago, is still lurking and hasn’t been completely eradicated. To help organizations tackle this important threat, the agency released in-depth guidance earlier this week.

Salt Typhoon is a known hacking collective on the payroll of the Chinese government. It is mostly engaged in cyber-espionage, targeting important entities and figures in the West with infostealers and similar malware.

It is part of a wider campaign that includes a number of other “typhoons” (Flax Typhoon, Volt Typhoon, and Brass Typhoon) and that seeks not just to steal information, but also to disrupt critical infrastructure.

Strengthening the network

For months now, cybersecurity experts, government agents, and the media have been reporting on Salt Typhoon’s attacks on internet service providers, telecommunications firms, and similar companies. The targets have been working hard on cleaning up their IT systems, but according to CISA, there’s still work to be done.

That being said, the agency first suggests telecoms strengthen their network visibility and focus on monitoring, detecting, and understanding network activity. Then, the report discusses hardening systems and devices through protocols and management processes, device hardening, and access controls. Finally, it tackles incident reporting and provides detailed contact information for reporting cybersecurity incidents in the U.S., Australia, Canada, and New Zealand.

Software manufacturers should embed security principles during development, CISA concluded, advocating for secure-by-design configurations, which should reduce reliance on customer hardening.

“Software manufacturers should prioritize secure by design configurations to eliminate the need for customer implementation of hardening guidelines,” it said. “Additionally, customers should demand that the software they purchase is secure by design.”

For any organization fearing being targeted by Salt Typhoon (or any other Typhoon, for that matter), CISA’s guidance is a must-read.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.