Salt Typhoon is behind one of the most extensive hacking campaigns in recent years, targeting the world's largest phone and internet companies and stealing tens of millions of phone records related to government officials.
Researchers say the hacker group is Chinese and part of a broader collective of hackers whose collective goal is to help China prepare for an eventual war with Taiwan. U.S. officials have called a possible Chinese invasion of Taiwan a “defining threat of our time.” Much of the group's efforts have focused on hacking into Cisco routers at the edge of corporate networks and taking control of surveillance equipment that U.S. carriers are legally required to install so law enforcement can monitor calls and messages.
While Salt Typhoon focuses on hacking communications infrastructure, other Chinese-hacked groups like Bolt Typhoon are preparing devastating cyberattacks that could cause widespread disruption. Flax Typhoon runs a botnet of hijacked internet-connected devices to hide hackers' malicious internet traffic.
However, Salt Typhoon has been one of the most prolific hacking groups in recent years, targeting some of America's top phone companies.
The hack allowed China to obtain call records, text messages and recorded phone calls of senior U.S. officials, many of which were considered to be of interest to the government. In response, the FBI urged Americans to switch to end-to-end encrypted messaging apps, fearing their communications could be intercepted by foreign adversaries.
Salt Typhoon went further, hacking at least 200 companies around the world, FBI officials said. The list of affected countries continues to grow.
The countries that have attributed the hack to Salt Typhoon are:
https://datawrapper.dwcdn.net/7CdGS/7
US
Some major U.S. phone companies, including AT&T and Verizon, have been confirmed to have been hacked by Salt Typhoon, as has internet provider CenturyLink (now Lumen). T-Mobile said it was targeted, but the hackers were unable to access customers' calls, text messages or voicemails.
Satellite communications giant Viasat was also compromised, giving hackers access to tools used by law enforcement to access other people's communications.
Internet and data providers Charter Communications (Spectrum) and Windstream were also among the victims of the salt storm. Fiber network giant Consolidated Communications was reportedly hacked as part of the campaign.
Hackers didn't just target phone and internet providers. According to some reports, Salt Typhoon compromised the networks of the US state's National Guard, stole data, and gained access to the networks of every other US state and several territories.
North America and South America
According to security firm Recorded Future, its researchers have witnessed Salt Typhoon targeting Cisco devices associated with universities in Argentina, Mexico, and other countries.
Meanwhile, the Canadian government admitted that its top telecommunications company was hacked by China as part of Salt Typhoon's long-running espionage campaign. Canada also confirmed that several Cisco routers belonging to a telecommunications giant were hacked and data was stolen.
The Ottawa government warned that companies “broader than just the telecommunications sector” were being targeted.
Trend Micro announced that salt typhoon activity has been confirmed in Brazil, South America's most populous country.
Asia, Africa, Oceania
Recorded Future said Salt Typhoon was seen targeting at least one Myanmar-based telecommunications provider, Mitel, and a South African telecommunications provider via hacked Cisco routers. Attacks targeting university routers have also been confirmed in Bangladesh, Indonesia, Malaysia, and Thailand.
Japan has also warned of the threat of salt typhoons to its networks.
Both the Australian and New Zealand governments say they have confirmed salt typhoon activity in the communications and critical infrastructure sectors. New Zealand said Salt Typhoon hackers had infiltrated not only government departments but also networks of transport, accommodation and military infrastructure.
Trend Micro also announced that it had discovered at least 20 compromised organizations across the telecommunications, consulting, chemical, and transportation industries, as well as government agencies and nonprofits in various countries, including Afghanistan, Eswatini, India, Taiwan, and the Philippines.
Europe
The UK government has confirmed that there has been “cluster activity” of salt typhoons across the UK. The activities have not been specified, but news reports suggest that senior British government officials may have had their phone records tapped and their text messages read.
Norway also confirmed that Salt Typhoon had hacked multiple organizations in the country.
Dutch authorities said several small internet providers and web hosts were targeted and had access to their routers, but their internal networks were not compromised.
According to Recorded Future, an Italian internet provider has been hacked.
Czech cybersecurity officials say incidents related to the Salt Typhoon hack have also been witnessed in Finland and Poland.