The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms.
According to the joint advisories [NSA, NCSC], Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., and Sichuan Zhixin Ruijie Network Technology Co. Ltd. have provided cyber products and services to China's Ministry of State Security and the People's Liberation Army, enabling cyber espionage operations tracked as Salt Typhoon.
Since at least 2021, the Chinese threat actors have breached government, telecommunications, transportation, lodging, and military networks worldwide, stealing data that can be used to track targets' communications and movements worldwide.
In particular, over the past couple of years, Salt Typhoon has performed concerted attacks on telecommunication firms to spy on the private communications of individuals worldwide.
BleepingComputer contacted the Chinese embassy about these claims and will update the story if we receive a response.
Targeting networking equipment
A joint advisory by cyber and intelligence agencies in 13 countries warns that the threat actors have had "considerable success" exploiting widely known and fixed flaws on network edge devices rather than relying on zero-days.
These vulnerabilities include:
CVE-2024-21887 (Ivanti Connect Secure command injection),
(Ivanti Connect Secure command injection), CVE-2024-3400 (Palo Alto PAN-OS GlobalProtect RCE),
... continue reading