

Salt Typhoon

Salt Typhoon is potentially similar to other Advanced Persistent Threat actors linked to the People's Republic of China, such as Flax Typhoon, Volt Typhoon, and GhostEmperor. Salt Typhoon targets communications systems for espionage, prepositioning, and potential disruption, and, as with Volt Typhoon, the threat actor has the potential to be deeply hidden in the systems it compromises.

On October 25, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced that the agencies are investigating the “unauthorized access to commercial telecommunications infrastructure” by actors affiliated with China. This attack was reportedly a months-long espionage operation led by hackers from a group called “Salt Typhoon” and targeted data from the phones of former President Trump, vice presidential candidate and Senator J.D. Vance, and members of the Harris campaign. Allegedly, the group was able to collect audio from phone calls and unencrypted communications including text messages. It’s also reported that Salt Typhoon conducted another cyberattack this month targeting major telecom providers including AT&T and Verizon and the system the federal government uses for court-authorized network wiretapping requests. These breaches potentially exposed millions of Americans’ internet data and sensitive government information to China.

U.S. Sen. Chuck Grassley (R-Iowa) demanded records from AT&T and 17 federal agencies regarding the April 14-25, 2024, cyberattack on AT&T. The hack compromised AT&T customers’ call and text history between May 1 and October 31, 2022. “Bad actors accessed 90 million Americans’ data, which potentially included federal agencies’ communications patterns. That’s a significant national security threat waiting in the wings. Congress ought to know exactly what outstanding vulnerabilities we’re dealing with, as well as how AT&T and the executive branch are actively mitigating future risks,” Grassley said of his inquiry. Among other items, Grassley questioned AT&T’s security protocols and efforts to strengthen them following the breach. He’s additionally asking agencies whether hackers gained access to government materials and why the public didn’t learn of the cyberattack until months after the fact.

According to an AT&T Securities and Exchange Commission (SEC) filing, AT&T was the victim of a data breach from April 14-25, 2024. The filing stated a cyber-actor unlawfully “accessed and copied…records of calls and text messages of nearly all of AT&T’s wireless customers” that occurred from May 1, 2022, to October 31, 2022, and on January 2, 2023. The records identify the telephone numbers that an AT&T or mobile virtual network operator (MVNO) number interacted with, including telephone numbers of AT&T customers and customers from other carriers, counts of the interactions, and aggregate call duration for a day or month. Though the data does not contain the content of calls and texts, it does contain other data. This breach impacted over 90 million people, potentially including data from our federal agencies, and is cause for serious alarm.

House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN), Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY), and Subcommittee Vice Chair Laurel Lee (R-FL) sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on October 21, 2024, requesting a briefing for the Committee by November 1 on the recently discovered intrusions by “Salt Typhoon,” a cyber-threat actor affiliated with the People’s Republic of China. The group specifically targeted major internet service providers (ISPs) such as AT&T, Verizon, and Lumen Technologies.

“If reporting about Salt Typhoon’s level of network access is accurate, the PRC could influence communications by rerouting internet traffic, or gain valuable information by accessing systems for lawful wiretapping requests. In other words, this intrusion would significantly jeopardize Americans’ right to privacy and broader U.S. national security interests. We appreciate the continued efforts by U.S. government agencies, including CISA and the FBI, to raise awareness about the pre-positioning activities of Volt Typhoon and other PRC-backed cyber threat actors. However, we are extremely concerned about what Salt Typhoon’s intrusion may imply about the state of America’s cyber resiliency. As America’s cyber defense agency, we expect CISA to continue playing a pivotal role in educating Americans about cyber risks. Additionally, we urge CISA to conduct more direct outreach to our critical infrastructure owners and operators to ensure they are prepared to identify and thwart malicious activity in their networks and infrastructure.”

“The Committee has taken the threat of PRC-backed cyber actors, including Volt Typhoon, seriously. Last month, we unanimously passed H.R. 9769: The Strengthening Cyber Resilience Against State-Sponsored Threats Act, which directs CISA and the FBI to create a task force that better prioritizes and coordinates U.S. government efforts to defend against PRC-backed cyber threat actors. Although we are encouraged to hear that CISA is participating in a new ‘emergency team’ to address the Salt Typhoon hack, clearly a temporary measure will not suffice. Reporting indicates that Salt Typhoon has been active since 2020, and PRC-backed threats against Western nations primarily aimed at intelligence collection show no sign of waning.”

U.S. Senator Richard Blumenthal (D-CT), Chair of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, delivered opening remarks at the 19 November 2024 hearing on “Big Hacks & Big Tech: China’s Cybersecurity Threat.” During the hearing, Blumenthal raised concerns about cybersecurity risks posed by Chinese hacking of American telecommunications firms and the threats Big Tech’s connections to China pose to our democracy, national security, and economy.

Blumenthal pointed to the recent Salt Typhoon cyberattack, which impacted numerous phone companies in the United States, “We are still learning each week about how sprawling and catastrophic this hacking campaign was, but what we know now—and it’s publicly known—should galvanize action now. We need to ensure these specific types of hacks will never happen again. The Federal Communications Commission has the legal authority. Right now, it has the power to set and enforce security standards, and I urge the FCC to start a rulemaking process and investigation.”

“Again, and again, America is caught flat-footed by Chinese spying,” Blumenthal continued. “The breaches of the Office of Personnel Management, Equifax, the countless defense contractors breached, espionage risk from Huawei, DJI, and TikTok. The list goes on. We need to radically rethink how we are protecting against Beijing’s spying and influence.”

Blumenthal also raised concerns about Big Tech’s connections to China, especially as Elon Musk becomes increasingly involved in government affairs, “Relevant to this hearing, Tesla makes half of its cars and as much as a third of its sales in China. Elon Musk is so concerned about protecting Tesla’s market access that he pledged to uphold ‘core socialist values in China.’ He has been parroting Chinese talking points on Taiwan. Senior Chinese officials are even looking to use Mr. Musk to influence the White House.”

Senator Blumenthal concluded by highlighting the need for his bipartisan legislative framework with Ranking Member Josh Hawley (R-MO), which would establish guardrails for artificial intelligence, “I hope we can turn this framework into real rules to prevent American AI technologies from being used against us as well as deal with the broad set of threats we discussed today.”


