Particle.news
Download on the App Store
22 ARTICLES
·
last mo.

U.S. and Allies Tie Salt Typhoon to Chinese Firms in Global Telecom Spying Campaign

Officials say the group exploited widely known flaws in edge devices to burrow into telecom routers, prompting urgent mitigation.

Image
An electronic display showing cyberattacks in China at the China Internet Security Conference in Beijing, in 2017.
The Government Communications Headquarters in Gloucestershire
Image

Overview

  • Thirteen countries issued a 37-page advisory attributing the years-long Salt Typhoon operation to China-linked actors and naming three companies, including already-sanctioned Sichuan Juxinhe.
  • Authorities say the campaign reached at least 80 countries and targeted more than 600 organizations, including about 200 in the U.S., across telecommunications, government, transportation, lodging and military sectors.
  • The advisory details reliance on fixable vulnerabilities in Cisco, Ivanti and Palo Alto devices (e.g., CVE-2023-20198, CVE-2023-20273, CVE-2024-21887, CVE-2024-3400, CVE-2018-0171) to gain access, persist on routers and pivot via trusted links.
  • Stolen telecom and travel data can enable identification, tracking and, for select targets, interception of communications, with an FBI official warning the operation likely swept up information on millions of Americans.
  • Dutch intelligence independently confirmed access to routers at smaller domestic ISPs and hosting providers and reported no evidence of deeper penetration, as agencies urge rapid patching and coordinated threat hunting.