Salt Typhoon APT Evades Law Enforcement Wiretapping


Chinese State-sponsored APT Salt Typhoon Breaches US Broadband Provider Networks for Intelligence Collection

In a startling development, the Chinese state-sponsored advanced persistent threat (APT) known as Salt Typhoon has reportedly breached major US broadband provider networks. The attackers infiltrated the systems used for court-authorized wiretapping by law enforcement agencies.

According to sources speaking to the Wall Street Journal, prominent providers such as AT&T and Verizon Communications, as well as enterprise-specific service providers like Lumen Technologies, were affected by the cyberattack. The hackers not only gained access to wiretapping connections but also intercepted general internet traffic flowing through these networks. Additionally, the sources revealed that Salt Typhoon targeted a few entities outside the US and could have maintained access for months.

Described as a potentially catastrophic security breach, the attack was apparently orchestrated by a sophisticated Chinese hacking group focused on intelligence collection. The timing of the breach is particularly concerning, as it follows Salt Typhoon’s recent exposure for hacking into major telecom networks for cyber-espionage.

Ram Elboim, CEO of Sygnia, which tracks the APT as “GhostEmperor,” emphasized the necessity for critical infrastructure organizations to fortify their networks with strict segregation strategies and regularly evaluate their resilience. This breach underscores the importance of constantly updating security measures and implementing robust incident response protocols to safeguard against future cyber threats.

As the affected providers—AT&T, Lumen, and Verizon—remain silent on the matter, the incident raises alarms about the vulnerability of essential communication networks to sophisticated cyberattacks and underscores the imperative for heightened vigilance in safeguarding critical infrastructure.
