Salt Typhoon Attack: Latest Updates and Security Implications
Salt Typhoon Attack Update: Chinese Hackers Access 9 U.S. Telecoms, Federal Response Intensifies
The Chinese-linked hacking group known as Salt Typhoon has successfully breached nine U.S. telecommunications companies in what Senator Ben Ray Lujan has called “the largest telecommunications hack in our nation’s history.” Here’s what we know about this significant cybersecurity incident along with recent updates:
Timeline and Scope
- The campaign was first discovered in October 2024
- Investigation reveals the attack may have been active for up to two years
- As of December 29, nine telecommunications companies have been confirmed as victims
- Known affected companies include AT&T, Verizon, and Lumen Technologies
Data Compromise and Access
- The hackers gained broad access to telecommunications infrastructure
- They accessed metadata from an undisclosed number of Americans’ communications
- They had the capability to geolocate millions of individuals
- They had the ability to record phone calls at will
- They specifically targeted individuals in the Washington D.C.-Virginia area
- High-profile targets included President-elect Donald Trump and Vice President-elect JD Vance
Latest AT&T Statements: AT&T confirmed on December 29 that while they were targeted, their networks are now secure. According to their spokesperson: “We detect no activity by nation-state actors in our networks at this time. Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest.”
Federal Assessment of Telecom Security
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, highlighted several critical security failures:
- One compromised administrator account had access to over 100,000 routers
- Many companies maintained inadequate logging practices
- Basic cybersecurity measures were lacking across the sector
- Voluntary security practices proved insufficient against nation-state threats
Federal Response
- The FCC is proposing new mandatory cybersecurity rules for telecoms
- A vote on the new security requirements is scheduled for January 15, 2025
- CISA has urged government officials to switch to end-to-end encrypted communications
- Federal agencies are pushing for enhanced collaboration between government and private sector
Next Steps With CinchOps
How CinchOps Can Help: As a cybersecurity solutions provider, CinchOps offers comprehensive security assessments, network segmentation strategies, and advanced logging solutions.
CinchOps will continue to monitor this situation and provide updates as new information becomes available. For immediate assistance with your organization’s cybersecurity needs, please contact our team of experts.
A recent video from Veritasium discussing security weaknesses in the infrastructure of global telecommunication companies.