Salt Typhoon attacks may have hit more US firms than previously thought

Date:
Mon, 06 Jan 2025 14:02:00 +0000

Description:
China denies involvement as more US telecoms providers are revealed to be victims of Salt Typhoon attack.

FULL STORY

The recent Salt Typhoon cyberattacks may have breached more
telecommunications providers than previously thought, with Charter Communications, Consolidated Communications, and Windstream all now believed
to also have been affected.

The fresh list of victims comes from a new report by the Wall Street Journal
, who cited people familiar with the matter.

The attack also exploited Fortinet network devices that did not have
up-to-date security software installed, as well as vulnerable Cisco large network routers.

Attack may have started in 2023

The attack against US telecoms providers was first publicized in a joint statement by the Federal Bureau of Investigation (FBI) and the Cybersecurity
& Infrastructure Security Agency (CISA) on October 25, 2024 - however, the
WSJ report states the attack is believed to have started as far back as fall
of 2023 - around the same time US National Security Advisor Jake Sullivan was briefing telecom and tech executives on the depth and breadth of Chinese penetration into US critical infrastructure.

Salt Typhoon is now known to have successfully breached the networks of AT&T, Verizon, Lumen Technologies, and T-Mobile in the attack, but little is known about what data the China-affiliated group was able to access.

Both Lumen and T-Mobile have said that they successfully stopped the group
from accessing sensitive customer information, with Verizon confirming that
the data of a limited number of high-profile individuals involved in politics was targeted in attacks.

Salt Typhoon also gained access to a lawful interception channel used by law enforcement agencies to perform court-ordered wiretaps for national security purposes, with China repeatedly denying any involvement in the attacks and accusing the US of spreading misinformation. China even went so far as to
label Volt Typhoon - a similar group believed to be associated with Beijing - as a CIA asset set up to discredit the US rivals across the Pacific.

Both Fortinet and Cisco did not comment on the WSJ report, but both organizations have been in the cross hairs of cyber attacks from a range of cyber criminal groups.

Network routers with outdated firmware have been a favorite target as an initial access point for attackers and botnets for several years. Fortinet
has also experienced a spate of attacks on its Windows VPN service and Fortigate VPN systems .

======================================================================
Link to news story: https://www.techradar.com/pro/security/salt-typhoon-attacks-may-have-hit-more- us-firms-than-previously-thought

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)