A new Beijing-linked cyber spy crew, dubbed Salt Typhoon, has reportedly breached networks of US internet service providers (ISPs) in stealthy data-stealing missions. The Wall Street Journal reported the breaches, citing “people familiar with the matter.” This is not the first time a Chinese group has targeted US ISPs: similar incidents have been attributed to Flax Typhoon and Volt Typhoon.
FBI Director Christopher Wray revealed last week that his agency disrupted a 260,000-device botnet controlled by Flax Typhoon. The group had been building the Mirai-based botnet since 2021 and targeting US critical infrastructure, government, and academics. A recent security advisory accused Flax Typhoon of amassing a SQL database containing 1.2 million records on compromised devices.
Experts warn that China’s strategy is to identify and exploit logical choke points in society to take control of information flow and supplies. John Dwyer, Director of Security Research at Binary Defense, attributed the recent intrusion to an unnamed People’s Republic of China team, whose motivation appeared to be espionage and blueprint theft.
Terry Dunlap, a former US National Security Agency offensive analyst, noted that it makes sense for US adversaries to target ISPs due to the large volume and variety of communications moving in and out of them. Dunlap believes this is another component of China’s 100-Year Strategy. CISA Executive Assistant Director for Cybersecurity Jeff Greene confirmed that China is known to be infiltrating all manner of critical targets, emphasizing the risk posed by PRC state-sponsored cyber actors.
The US government has encouraged organizations to review their cybersecurity advisories and take action to mitigate potential threats. As the storm season approaches, it remains to be seen whether Salt Typhoon’s activities will escalate or remain a stealthy threat in the background.
Source: https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/