Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns – Source: www.techrepublic.com

Source: www.techrepublic.com – Author: Aminu Abdullahi

Salt Typhoon hackers bypassed smash-and-grab tactics, infiltrating routers and surveillance systems to steal sensitive data and evade detection.

The FBI and cybersecurity agencies from more than a dozen countries have issued a joint alert about Salt Typhoon, a state-sponsored Chinese hacking group accused of breaching critical infrastructure in over 80 countries and targeting more than 200 US organizations.

The advisory, backed by the Five Eyes alliance and partner nations across Europe and Asia, describes the campaign as one of the most expansive cyberespionage campaigns attributed to a nation-state.

The hackers have been active since at least 2019, initially infiltrating telecommunications networks before expanding into sectors such as transportation, hospitality, defense, and government systems.

Salt Typhoon did not rely on traditional smash-and-grab techniques, according to investigators. Instead, the group stealthily gained access to network infrastructure, including routers, edge hardware, and surveillance systems, remaining undetected for prolonged periods. By tapping into these systems, they were able to intercept sensitive call records, law enforcement directives, and data flowing through critical networks.

“This shows much more broad, indiscriminate targeting of critical infrastructure across the globe in ways that go well outside the norms of cyberspace operations,” Brett Leatherman, assistant director of the FBI’s Cyber Division, told The Washington Post.

The hackers also reportedly compromised “lawful intercept” systems used by telecommunications companies, granting visibility into government monitoring activities and targeting specific individuals.

Who’s behind Salt Typhoon?

Authorities have tied the campaign to three Chinese firms:

  • Sichuan Juxinhe Network Technology Co. Ltd.
  • Beijing Huanyu Tianqiong Information Technology Co.
  • Sichuan Zhixin Ruijie Network Technology Co. Ltd.

These firms were accused of supplying cyber tools and services to both the People’s Liberation Army and China’s Ministry of State Security to facilitate these intrusions. While the FBI and its allies refer to the group as Salt Typhoon, private cybersecurity firms have tracked it under other labels such as GhostEmperor, UNC5807, and RedMike.

Despite ongoing efforts, officials say Salt Typhoon remains active. Leatherman warned that expelling the hackers has been difficult because they leave behind hidden reentry points. As he told The Washington Post: “Just because it was secure six months ago does not mean it is now.”

The joint advisory outlines technical indicators, lists known vulnerabilities, and urges companies and governments to act swiftly, recommending steps such as implementing rapid patching, adopting zero-trust models, disabling unused services, and strengthening authentication protocols.

Aminu Abdullahi

Aminu Abdullahi is an experienced B2B technology and finance writer. He has written for various publications, including TechRepublic, eWEEK, Enterprise Networking Planet, eSecurity Planet, CIO Insight, Enterprise Storage Forum, IT Business Edge, Webopedia, Software Pundit, Geekflare and more.

Original Post URL: https://www.techrepublic.com/article/news-salt-typhoon-cyber-spies-breach/

Category & Tags: APAC, International, News, Security
