Salt Typhoon cyberattacks target global telecom and internet companies
Salt Typhoon, a suspected Chinese cyber-espionage group, has targeted major telecom and internet providers worldwide, raising concerns about large-scale surveillance and data theft.
Salt Typhoon has emerged as the force behind one of the most sweeping hacking campaigns seen in recent years, targeting some of the world’s biggest phone and internet companies and stealing tens of millions of phone records linked to senior government officials.
The hacking group, attributed to China, is part of a broader cluster of threat actors whose shared objective is to help China prepare for a possible future war with Taiwan, according to researchers. U.S. officials have described the possibility of a Chinese invasion of Taiwan as an “epoch-defining threat.” Much of Salt Typhoon’s activity has centred on compromising networks by exploiting Cisco routers at the edge of company systems and taking control of surveillance equipment that U.S. telecom operators are legally required to install, allowing law enforcement to monitor calls and messages.
While Salt Typhoon’s focus is on telecom infrastructure, other China-linked groups such as Volt Typhoon and Flax Typhoon have taken on different roles. Volt Typhoon has been positioning itself to mount destructive cyberattacks that could cause disruption. At the same time, Flax Typhoon operates a botnet that hijacks internet-connected devices to conceal malicious traffic.
Even so, Salt Typhoon stands out as one of the most active hacking groups in recent memory, including through its attacks on some of the largest phone companies in the United States.
Those intrusions gave China access to call logs and text messages, and even captured phone audio of senior U.S. officials, many of whom were considered valuable government targets. The scale of the breach was serious enough that the FBI urged Americans to move to end-to-end encrypted messaging apps, warning that a foreign adversary could be listening in on their communications.
Salt Typhoon’s reach extended even further, with FBI officials saying the group had hacked at least 200 companies worldwide. The number of countries reporting campaign-related activity continues to rise.
Here are the countries that have linked cyberattacks to Salt Typhoon.
United States
Several of the leading U.S. telecom companies, including AT&T and Verizon, were confirmed to have been hacked by Salt Typhoon, as was internet provider CenturyLink, now known as Lumen. T-Mobile said it had also been targeted, though the company said the hackers did not gain access to customers’ calls, text messages, or voicemails.
Satellite communications company Viasat was also compromised, giving hackers access to law enforcement tools used to obtain other people’s communications.
Charter Communications, which operates Spectrum, and Windstream were also identified as victims of Salt Typhoon. Fibre network provider Consolidated Communications was also reportedly breached as part of the wider campaign.
The hackers did not limit themselves to telecom and internet companies. According to multiple reports, Salt Typhoon also compromised the network of a U.S. state’s National Guard, enabling the group to steal data and gain access to networks across every other U.S. state and several territories.
North and South America
Security firm Recorded Future said its researchers observed Salt Typhoon targeting Cisco devices linked to universities in Argentina and Mexico, as well as other locations.
At the same time, the Canadian government confirmed that China had hacked some of the country’s leading telecommunications firms as part of Salt Typhoon’s broader espionage effort. Canada also said that several Cisco routers at a major telecom company had been compromised to steal data from the business.
Officials in Ottawa warned that they were seeing targeting that went “broader than just the telecommunications sector.”
Trend Micro reported detecting Salt Typhoon activity in Brazil, the most populous country in South America.
Asia, Africa, and Oceania
Recorded Future said it has seen Salt Typhoon targeting at least one telecom provider based in Myanmar, Mytel, through compromised Cisco routers, as well as a telecommunications provider in South Africa. The firm also said it had observed attacks targeting university routers in Bangladesh, Indonesia, Malaysia, and Thailand.
Japan has also warned about the threat posed by Salt Typhoon to its networks.
Both Australia and New Zealand have reported detecting Salt Typhoon activity affecting their telecom and critical infrastructure sectors. New Zealand said it also found Salt Typhoon hackers inside government systems and networks tied to transportation, lodging, and military infrastructure.
Trend Micro also said it had identified at least 20 compromised organisations across the telecommunications, consulting, chemical, and transportation sectors, as well as government bodies and nonprofits in multiple countries, including Afghanistan, Eswatini, India, Taiwan, and the Philippines.
Europe
The British government has confirmed that a “cluster of activity” linked to Salt Typhoon was detected across the United Kingdom. Although officials did not specify the exact nature of the incidents, news reports suggest that senior U.K. government staff may have had their phone records accessed and text messages read.
Norway has also confirmed that Salt Typhoon hacked several organisations in the country.
Authorities in the Netherlands said several smaller internet providers and web hosts were targeted, and that the attackers gained access to routers, although their internal networks were not breached.
Recorded Future said an Italian internet provider was also hacked.
According to cybersecurity officials in the Czech Republic, incidents linked to Salt Typhoon intrusions have also been observed in Finland and Poland.