
Investigators ask public to share information about the Salt Typhoon case

Cyber espionage campaign by a Chinese nation-state actor prompts warning from the bureau after discussions with the telecom industry over multiple months.

Public encouragement for individuals to provide information about Salt Typhoon investigation

The FBI's investigation into the Salt Typhoon cyberattack campaign, linked to Chinese state-sponsored hackers, is currently focused on containment and intelligence sharing. According to the FBI's top cyber official, the campaign has been largely contained and is dormant within affected telecom networks, meaning the hackers are locked into the location they're in and are not actively infiltrating information at this time [1].

Nine U.S. telecommunications companies have been officially confirmed as victims by the FBI, though additional companies in Europe and North America have been identified as a result of information sharing [1][2]. However, there is ongoing confusion and inconsistency among U.S. agencies about the exact list of impacted companies, partly due to telecom providers invoking legal strategies to avoid disclosing compromises and a lack of consistent back-and-forth communications between agencies and some providers [2].

The attack was significant enough that it made it "impossible" for agencies to predict a full eviction timeline from compromised networks, and hackers were able to access geolocation and cell phone data of millions of Americans, including call data logs and private communications [3][4]. Despite containment, the FBI warns that Salt Typhoon remains a potential threat, as access gained through espionage could be pivoted to support destructive actions if desired [1].

In response to the Salt Typhoon incursion, the FBI, NSA, CISA, and the Federal Communications Commission have collectively issued guidance and proposed new regulations for telecom providers aimed at improving security and incident-reporting practices [3]. Some telecom providers have been instructed by outside counsel not to investigate potential compromises, complicating the investigative process. However, CISA typically reaches out to potential victims when it believes their networks are compromised [2][3].

U.S. lawmakers, such as Senator Cantwell, have demanded greater transparency from major telecom providers (e.g., AT&T, Verizon) regarding their security measures and the handling of the Salt Typhoon incident [3]. The Cybersecurity and Infrastructure Security Agency (CISA) is still working on a final version of a broader incident-reporting mandate that would also cover the telecom industry.

Despite the ongoing investigation, there are no current reports of any public rewards or bounty programs specifically offered by the FBI or other U.S. agencies for information leading to the identification or arrest of those responsible for the Salt Typhoon campaign in relation to its telecom sector targeting [1][2][3]. The FBI's April 24 bulletin asks for any information on the hackers behind the China-affiliated Salt Typhoon's intrusion campaign and their activities.

The government's efforts include identifying the full scope of the compromise, locking down affected networks, and hardening defenses. Salt Typhoon brought attention to the telecom industry's vulnerabilities, including aging computer systems and poor network management after decades of mergers. The telecom industry has worked closely with U.S. authorities in investigating and remediating the Salt Typhoon attacks.

Sen. Ron Wyden (D-Ore.) has placed a hold on Trump's nominee to lead CISA. The head of the FBI branch that oversees the Cybersecurity Division was sidelined in the new Trump administration. Telecom security has been overshadowed in discussions about U.S. critical infrastructure vulnerabilities compared to sectors like water and health care.

U.S. officials believe the Salt Typhoon campaign is likely far broader than what has been uncovered so far. Salt Typhoon targeted telecommunications networks, which until recently were not subject to any incident-reporting requirements. The FCC only finalized reporting rules for telecommunications networks in March 2024.

In conclusion, the Salt Typhoon cyberattack campaign is currently considered contained but not eliminated. The FBI and partner agencies are active in sharing intelligence, issuing advisories, and pushing for improved incident-reporting rules, but have not announced any rewards for information at this time. Confusion remains about the full impact due to inconsistent victim lists and legal barriers to disclosure [1][2][3]. The FBI is seeking public help to find Chinese hackers involved in a massive cyberattack campaign against U.S. telecommunications providers.

  1. The ongoing investigation into the Salt Typhoon cyberattack campaign, linked to Chinese state-sponsored hackers, has revealed that nine U.S. telecommunications companies have been identified as victims, while additional companies in Europe and North America have been detected due to the intelligence sharing process [1][2].
  2. Despite the containment of the Salt Typhoon cyberattack, the FBI warns that the hackers still pose a potential threat, as the access gained through espionage could be pivoted to support destructive actions in the future [1]. The government is seeking public help to find Chinese hackers involved in this massive cyberattack campaign against U.S. telecommunications providers, calling for any information on their activities [1][2][3].
