Overview
- A 37-page advisory from the NSA, FBI, CISA, the UK NCSC and partners across 13 countries attributes a years-long campaign known as Salt Typhoon to China-linked actors targeting telecoms and other critical sectors.
- Officials say the operation touched roughly 600 organizations worldwide, including about 200 in the U.S., with activity seen as recently as June.
- Intrusions leveraged publicly known vulnerabilities in Cisco IOS XE, Ivanti Connect Secure and Palo Alto PAN-OS to compromise backbone and edge routers, maintain persistence, and pivot through trusted network links.
- Access enabled collection of call records and other telecom data, with potential interception and geolocation of millions of users; reported victims include major U.S. carriers such as AT&T and Verizon.
- The advisory names Sichuan Juxinhe, Beijing Huanyu Tianqiong and Sichuan Zhixin Ruijie as supporting Chinese intelligence, notes prior U.S. sanctions on Juxinhe, provides IoCs and mitigations for defenders, and includes a formal denial from China.