Salt Typhoon Attack US and Canada Telecom Companies

Salt Typhoon Attack on U.S. Telecom Companies

The salt typhoon attack on U.S. telecom companies has become a hot topic in cybersecurity. The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have revealed that Chinese hackers, believed to be part of a group called Salt Typhoon, have breached multiple U.S. telecom providers, including Verizon, AT&T, and Lumen Technologies The breaches were part of an espionage campaign aimed at gaining access to a communications interception system used for lawful crime investigation requests.

The investigation is ongoing, and the agencies are working with affected companies to mitigate the threat and strengthen cyber defenses. Organizations that believe they might have been compromised are urged to contact their local FBI office or CISA.

The breaches have raised concerns about the potential severity of the hack, as the hackers may have accessed sensitive information, including data from phones used by political figures such as former President Donald Trump and Vice President Kamala Harris. The U.S. government is collaborating with industry partners to address the threat and protect critical infrastructure.

The Chinese Embassy in Washington has dismissed the allegations as disinformation, calling the U.S. the origin and biggest perpetrator of cyberattacks. However, U.S. intelligence agencies have warned for months that foreign adversaries have been using cyberattacks and influence operations to meddle with the upcoming presidential election.

The investigation is still ongoing, and it is unclear what data the hackers were able to access. Cyber attacks on US telecom companies is not new. Recently, the AT&T data breach in July 2024 has sent shockwaves across the cybersecurity community, affecting a staggering 109 million customers.  The U.S. government is urging organizations to implement strict security measures, including multi-factor authentication, logging, traffic monitoring, and anti-phishing training.

Salt Typhoon Attack on Canada

While it’s anticipated that the United States will face increased cyberespionage activity due to the upcoming presidential elections and ongoing influence operations, it’s important to note that similar activities also target Canada. On Friday, the government of Canada announced that state-sponsored threat actors from China have been conducting extensive network scans over the past few months, targeting a wide range of organizations.

According to the Government of Canada, the majority of affected entities were federal departments and agencies, including federal political parties, the House of Commons, and the Senate. Additionally, dozens of other organizations were targeted, such as democratic institutions, critical infrastructure, the defense sector, media organizations, think tanks, and NGOs.

In their latest statement, the Canadian Center for Cyber Security stated that “While we observe reconnaissance scanning on a near-constant basis, this widespread activity from a sophisticated threat actor against multiple organizations across multiple sectors is an opportunity to increase awareness of the potential threats facing Canadian organizations and share simple steps everyone can take to protect against them.”

However, Canada emphasized that these scans are primarily reconnaissance efforts and do not constitute security breaches of the mentioned entities. Nonetheless, the government urges important organizations in the country to implement stringent security measures, including multi-factor authentication, logging, traffic monitoring, and anti-phishing training.

Read “How to Prevent Ransomware Attacks in 2024?” to learn more about ransomware prevention and response best practices.

For cybersecurity news and updates, follow us on Cybersecurity – The SOC Labs.

Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The SOC Labs assumes no liability for the accuracy or consequences of using this information.