Salt Typhoon attacks may have hit more US firms than previously thought

News
By published

More telecoms were breached by Salt Typhoon, report claims

Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
(Image credit: Shutterstock)
  • More victims of Salt Typhoon attack unveiled by WSJ
  • The extent of the damage caused by the attack is still unknown
  • Some telecoms providers have removed the attackers from their systems

The recent Salt Typhoon cyberattacks may have breached more telecommunications providers than previously thought, with Charter Communications, Consolidated Communications, and Windstream all now believed to also have been affected.

The fresh list of victims comes from a new report by the Wall Street Journal, who cited people familiar with the matter.

The attack also exploited Fortinet network devices that did not have up-to-date security software installed, as well as vulnerable Cisco large network routers.

Attack may have started in 2023

The attack against US telecoms providers was first publicized in a joint statement by the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) on October 25, 2024 - however, the WSJ report states the attack is believed to have started as far back as fall of 2023 - around the same time US National Security Advisor Jake Sullivan was briefing telecom and tech executives on the depth and breadth of Chinese penetration into US critical infrastructure.

Salt Typhoon is now known to have successfully breached the networks of AT&T and Verizon in the attack, but little is known about what data the China-affiliated group was able to access.

Both Lumen and T-Mobile were also targeted during the attack, but both companies have said that they successfully stopped attackers from accessing sensitive customer information. Verizon confirmed that the data of a limited number of high-profile individuals involved in politics was targeted in attacks.

Salt Typhoon also gained access to a ‘lawful interception’ channel used by law enforcement agencies to perform court-ordered wiretaps for national security purposes, with China repeatedly denying any involvement in the attacks and accusing the US of spreading misinformation. China even went so far as to label Volt Typhoon - a similar group believed to be associated with Beijing - as a CIA asset set up to discredit the US’ rivals across the Pacific.

Both Fortinet and Cisco did not comment on the WSJ report, but both organizations have been in the cross hairs of cyber attacks from a range of cyber criminal groups.

Network routers with outdated firmware have been a favorite target as an initial access point for attackers and botnets for several years. Fortinet has also experienced a spate of attacks on its Windows VPN service and Fortigate VPN systems.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.