December 16, 2024 By Jennifer Gregory 3 min read

CISA and the FBI recently released a joint statement that the People’s Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat.

According to the statement, PRC-affiliated actors compromised networks at multiple telecommunications companies. They stole customer call record data and compromised the private communications of a limited number of people. Sen. Mark R. Warner (D-Virginia) told the Washington Post that the threat actors listened in on audio calls and even moved between networks. As a result, many media sources reported that texts between Android and Apple devices are not secure.

Historic and sophisticated cyberattack

A Washington Post headline called it the worst telecom hack in the nation’s history, citing a top U.S. senator. On the surface, this seems a bit melodramatic, with only 150 identified victims. However, experts predict the number of affected people will run into the millions. Warner, who serves as chairman of the Senate Intelligence Committee, went as far as to say that Salt Typhoon makes Colonial Pipeline and SolarWinds “look like child’s play.”

The data collected during the attack falls into two categories, NBC reported. The first was call records showing the time of each call and the number called, with most records in the Washington, D.C. area. The second was live audio of calls made by specific targets, which may include Donald Trump and Kamala Harris.

However, the most concerning aspect of the attack is its national security implications. Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering at UMBC, explained in UMBC Magazine that Salt Typhoon compromised the portals used by U.S. intelligence and law enforcement for lawful intercept requests. As a result, he says, the attackers may have learned which Chinese spies and informants U.S. counterintelligence agencies were monitoring, information those targets could then use to avoid detection.

“U.S. officials have said that many of the ways Salt Typhoon penetrated its targets was through existing weaknesses with the infrastructure. As I’ve written previously, failing to implement basic cybersecurity best practices can lead to debilitating incidents for organizations of all sizes. Given how dependent the world is on networked information systems, it is more important than ever to maintain cybersecurity programs that make it difficult for attacks to succeed, especially for critical infrastructure like the phone network,” wrote Forno.

Reducing the risk of Salt Typhoon

With words like espionage and intercepted texts being thrown around, the biggest question on people’s minds is how to protect themselves from this threat. Many experts are currently recommending encrypted messaging apps, such as WhatsApp and X, instead of traditional texting.

“Encryption is your friend, whether it is on text messaging or if you have the capacity to use encrypted voice communications, even if the adversary is able to intercept the data if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So, our advice is to try to avoid using plain text,” said Jeff Greene, CISA Executive Assistant Director for Cybersecurity, during a press briefing reported by USA Today.

Forbes also reported that an FBI official recommended that citizens use a cell phone that automatically receives timely operating system updates. Additionally, the phone should have responsibly managed encryption, and users should enable phishing-resistant multi-factor authentication (MFA) for email, social media and collaboration tool accounts.

“So it’s somewhat ironic that one of the countermeasures recommended by the government to guard against Salt Typhoon spying is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent decades trying to undermine so that only ‘the good guys’ can use it,” wrote Forno.

