Update: apparently Salt Typhoon got in through the Lawful Intercept systems at ISPs.
https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=byoB7m

Some of you probably already knew, but was news to me…

-george

Sent from my iPhone

> On Sep 25, 2024, at 11:46 AM, Sean Donelan <s...@donelan.com> wrote:
>
> Wall Street Journal out with an 'exclusive' article.
>
> This is apparently different than the other *-Typhoon groups (or whatever
> your favorite threat intelligence provider calls them). I don't know why the
> *-Typhoon groups would limit their intrusions to only U.S. ISPs. Broadband
> ISPs in other countries may have similar issues.
>
> China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’
> Cyberattack
>
> https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
>
>
> Hackers linked to the Chinese government have broken into a handful of U.S.
> internet-service providers in recent months in pursuit of sensitive
> information, according to people familiar with the matter.
>
> The hacking campaign, called Salt Typhoon by investigators, hasn’t previously
> been publicly disclosed and is the latest in a series of incursions that U.S.
> investigators have linked to China in recent years. The intrusion is a sign
> of the stealthy success Beijing’s massive digital army of cyberspies has had
> breaking into valuable computer networks in the U.S. and around the globe.
>
> In Salt Typhoon, the actors linked to China burrowed into America’s broadband
> networks. In this type of intrusion, bad actors aim to establish a foothold
> within the infrastructure of cable and broadband providers that would allow
> them to access data stored by telecommunications companies or launch a
> damaging cyberattack.