
Salt Typhoon Storm: A Cyber Assault Targeting Global Telecom


In recent news, you might have heard of something called “Salt Typhoon”. Salt Typhoon is a People’s Republic of China state-sponsored cyber threat group. They are also known as Volt Typhoon.

 

What happened?

A significant cyberattack has been uncovered, revealing extensive infiltration affecting multiple countries all over the world. The attack has been attributed to “Salt Typhoon”, a foreign actor sponsored by the People’s Republic of China. This group targeted several telecommunication companies, including but not limited to AT&T, Verizon and Lumen [1], gaining access to a vast trove of sensitive data. Among the compromised information are phone and messaging activities of specific Americans involved in government and politics [2].

The attack extends beyond telecommunications, affecting critical IT infrastructure in sectors such as energy, transportation, and more. Top U.S. agencies, namely the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), have expressed high confidence that these actions are strategic. They warn that Salt Typhoon is positioning itself to disrupt functions in the event of a major crisis or conflict with the United States.

 

What is the impact?

The attackers took advantage of technical vulnerabilities to infiltrate secure networks. Once inside, they began collecting and continue to collect information pertaining to business and governmental processes, as well as deploying malware for future use. Their access is believed to be ongoing, enabling them to monitor communications and activities over a prolonged period. Although the primary target was US telecommunications, the attack also impacted critical infrastructure in other countries. As of now, the hackers remain active, and cybersecurity officials have not yet been able to fully remove them from telecom and internet infrastructure.  

US officials have described this as the worst telecom hack in the nation's history, with significant implications for national security [1].

As of right now, Salt Typhoon is able to intercept live voice calls and text messages among other items. It is highly recommended to use encrypted communications when possible. 

 

What does this mean for me?

This cyberattack is a prominent example of the bad guys flexing their muscles and showing the world what they can do, highlighting the potential risks to global security. While this may not directly affect the average user today, it raises serious concerns and underscores the need for preventative action to protect sensitive communications and data. The Federal Communications Commission (FCC) is actively investigating the breach, though the full scope and impact remain unclear [3].

Individuals can enhance their security by using apps that provide end-to-end encrypted messaging and voice calls. Popular options include Signal and WhatsApp, both of which offer robust encryption by default. Telegram, while claiming to support end-to-end encryption, requires users to enable this feature manually, and some experts remain cautious due to its partially closed-source code. Additional secure messaging apps such as Wire, Dust, and Session also provide end-to-end encryption, offering users various tools to safeguard their communications. 

 

Next Steps

While it is unlikely that the Chinese government is monitoring your personal family phone calls or text messages, this is still a sobering reminder to protect your cyber privacy:

For Companies:  

  • Invest in and maintain cybersecurity programs such as regular phishing campaigns, training, and IT infrastructure. Ensure that IT departments are adequately staffed and funded – the FCC has threatened companies with fines for noncompliance [4].
  • Implement basic cybersecurity practices like MFA and complex passwords. Ensure all employees participate.  
  • Remain vigilant and monitor news on future attacks 
 

For Individuals: 

  • Use end-to-end encrypted messaging services, ensuring those services use end-to-end encryption; many advertise that they are secure without proving it. Here are some examples, in no particular order:
  • Use complex passwords on devices as well as your home internet.
  • Utilize MFA wherever possible. Google Authenticator and Microsoft Authenticator are primarily designed for mobile devices, but both offer some support for desktop or computer use through specific methods. In no particular order, see these MFA examples:
    • Google Authenticator: Google Authenticator is available for both Android and iOS devices. The links below direct you to the official app download pages on Google Play and the Apple App Store. 
        • No native desktop app: Google Authenticator does not have a dedicated desktop application. However, you can use it on a computer through Android emulators like BlueStacks to run the Android version of Google Authenticator.
        • Alternative: You can use Google Authenticator’s web-based alternatives like Authenticator Extension for Chrome or other third-party TOTP (Time-Based One-Time Password) apps for desktops.
    • Microsoft Authenticator:
        • No native desktop app: Similar to Google Authenticator, Microsoft Authenticator does not have a desktop app. However, it can be used in conjunction with Windows 10/11 via the Microsoft Account and Windows Hello for authentication. 
        • Alternative: You can use Microsoft's Authenticator with Azure AD on your PC for enterprise users, or you could set up MFA using other tools that work with Microsoft services. 

In an increasingly interconnected world, the Salt Typhoon cyberattack serves as a stark reminder of the vulnerabilities inherent in our digital infrastructure. While the full scope of the breach continues to unfold, its implications for national security and personal privacy cannot be overstated. By adopting proactive measures—whether through encrypted communications, robust cybersecurity practices, or vigilance against emerging threats—we can mitigate risks and safeguard the systems we rely on daily. This incident is a call to action for individuals, organizations, and governments alike to prioritize cybersecurity as a critical defense against future challenges in the ever-evolving digital landscape. 


For information on how Solve iT keeps businesses secure, visit us at www.solveit.rocks.