December 16, 2024, by Jennifer Gregory

CISA and the FBI recently released a joint statement that the People’s Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat.

According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call record data and compromised the private communications of a limited number of people. Sen. Mark R. Warner (D-Virginia) told the Washington Post that the threat actors listened in on audio calls and even moved between networks. As a result, many media sources reported that texts between Android and Apple devices are not secure.

Historic and sophisticated cyberattack

A Washington Post headline called it the worst telecom hack in the nation’s history, citing a top U.S. senator. On the surface, this seems a bit melodramatic, with only 150 identified victims. However, experts predict the number of affected people will go into the millions. Warner, who serves as chairman of the Senate Intelligence Committee, went as far as to say that Salt Typhoon makes Colonial Pipeline and SolarWinds “look like child’s play.”

The data collected during the attack falls into two categories, NBC reported. The first is call records showing the time of the call and the number called, with most records in the Washington, D.C. area. The second is the content of live calls of specific targets, who may include Donald Trump and Kamala Harris.

However, the most concerning aspect of the attack is its national security implications. Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering at UMBC, explained in UMBC Magazine that Salt Typhoon compromised the lawful-intercept portals used by U.S. intelligence and law enforcement. As a result, he says, the attackers may have learned which Chinese spies and informants counterintelligence agencies were monitoring, information those targets can then use to avoid detection.

“U.S. officials have said that many of the ways Salt Typhoon penetrated its targets was through existing weaknesses with the infrastructure. As I’ve written previously, failing to implement basic cybersecurity best practices can lead to debilitating incidents for organizations of all sizes. Given how dependent the world is on networked information systems, it is more important than ever to maintain cybersecurity programs that make it difficult for attacks to succeed, especially for critical infrastructure like the phone network,” wrote Forno.

Reducing the risk of Salt Typhoon

With words like espionage and intercepting texts thrown around, the biggest question on people’s minds is how to protect themselves from this threat. Many experts are currently recommending using encrypted apps, such as WhatsApp and X, instead of traditional texting.

“Encryption is your friend, whether it is on text messaging or if you have the capacity to use encrypted voice communications. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So, our advice is to try to avoid using plain text,” said Jeff Greene, CISA Executive Assistant Director for Cybersecurity, during a press briefing reported by USA Today.

Forbes also reported that an FBI official recommended that citizens use a cell phone that automatically receives timely operating system updates. Additionally, the phone should have responsibly managed encryption, and users should enable phishing-resistant multi-factor authentication (MFA) for email, social media and collaboration tool accounts.

“So it’s somewhat ironic that one of the countermeasures recommended by the government to guard against Salt Typhoon spying is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent decades trying to undermine so that only ‘the good guys’ can use it,” wrote Forno.
