Chinese hackers reportedly infiltrate several major US internet firms

Salt Typhoon compromised multiple ISPs, but it’s not known who

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Chinese hackers have allegedly broken into multipleinternet service providers(ISP) in the United States, and are using their position to steal sensitive information and lay the groundwork for future attacks.

An investigation by theWall Street Journal, which cited “people familiar with the matter”, did not name the compromised ISPs, but did mention there has been a “handful” of victims, and that the group behind the intrusions has been dubbed Salt Typhoon.

Given the name, Salt Typhoon has quickly been linked to other Chinese state-sponsored groups, all of whichMicrosoftnamed ‘typhoon’ - Flax Typhoon, Volt Typhoon, and Brass Typhoon.

Crippling the US response

While these groups focus on different things, and target different victims, the goal seems to be the same - to steal sensitive information, and disrupt critical infrastructure organizations in the US. These groups are reportedly working in coordination to assist the Chinese government in achieving its geo-political goals, including a possible invasion of Taiwan.

At the same time, US Cybersecurity and Infrastructure Security Agency (CISA) Executive Assistant Director for Cybersecurity, Jeff Greene, toldThe Registerthat the agency is aware of the reports of compromised ISPs, and basically said it’s business as usual, since China is known for pulling these kinds of stunts:

“CISA and our partners continue to emphasize the risk posed by PRC state-sponsored cyber actors, who have compromised the IT environments across multiple critical infrastructure sectors and organizations,” he said in a statement.

“We encourage all organizations to review our latest advisories and guidance, to include our joint Cybersecurity Advisory on identifying and mitigating living off the land techniques, and take action, as appropriate.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing