Salt Typhoon is behind one of the broadest hacking campaigns in recent years, targeting some of the world’s largest phone and internet companies and stealing tens of millions of phone records about senior government officials.
The hacking group, attributed to China, is part of a wider cluster of hackers with the collective aim of helping China prepare for an eventual war with Taiwan, according to researchers. U.S. officials have called China’s potential invasion of Taiwan an “epoch-defining threat.” Much of the group’s effort has focused on hacking Cisco routers at the edge of a company’s network to break in, and taking control of surveillance devices that U.S. telecom companies are legally required to install to allow law enforcement to monitor calls and messages.
While Salt Typhoon is focused on hacking telecom infrastructure, other China-backed groups like Volt Typhoon are prepositioning for destructive cyberattacks capable of causing widespread disruption, and Flax Typhoon runs a botnet of hijacked internet-connected devices for hiding the hackers’ malicious internet traffic.
But Salt Typhoon is by far one of the most prolific hacking groups in recent years, and its targets include some of the top American phone companies.
The hacks allowed China to obtain call records, text messages, and captured phone audio from senior U.S. officials, many of whom were considered government targets of interest. This prompted the FBI to urge Americans to switch to end-to-end encrypted messaging apps, fearing that their communications could be eavesdropped on by a foreign adversary.
Salt Typhoon went even further, hacking at least 200 companies around the world, according to FBI officials. The list of affected countries keeps growing.
Here are the countries that have attributed hacks to Salt Typhoon.
United States
Some of the top U.S. phone companies, including AT&T and Verizon, were confirmed hacked by Salt Typhoon, as was internet provider CenturyLink (now Lumen). T-Mobile said it was targeted but that the hackers had no access to its customers’ calls, text messages, or voicemails.