TechRadar
Sead Fadilpašić

US Government says Salt Typhoon still lurks on telecoms networks, shares some top tips to stay protected

  • A few months ago, Chinese state-sponsored actors were observed on IT networks of ISPs, telcos, and more
  • Since then, the companies have worked hard on cleaning up their infrastructure
  • Salt Typhoon still lurks, CISA warns, as it shares defensive guidelines

The US Cybersecurity and Infrastructure Security Agency (CISA) believes Salt Typhoon, the Chinese state-sponsored threat actor that was spotted in telecommunications giants’ networks months ago, is still lurking and hasn’t been completely eradicated. To help organizations tackle this important threat, the agency released in-depth guidance earlier this week.

Salt Typhoon is a known hacking collective on the payroll of the Chinese government. It is mostly engaged in cyber-espionage, targeting important entities and figures in the West with infostealers and similar malware.

It is part of a wider campaign that includes a number of other “typhoons” (Flax Typhoon, Volt Typhoon, and Brass Typhoon) and seeks not just to steal information, but also to disrupt critical infrastructure.

Strengthening the network

For months now, cybersecurity experts, government agents, and the media have been reporting on Salt Typhoon’s attacks on internet service providers, telecommunications firms, and similar companies. The targets have been working hard on cleaning up their IT systems, but according to CISA, there’s still work to be done.

That being said, the agency first suggests telecoms strengthen their network visibility and focus on monitoring, detecting, and understanding network activity. Then, the report discusses hardening systems and devices through protocols and management processes, device hardening, and access controls. Finally, it tackles incident reporting and provides detailed contact information for reporting cybersecurity incidents in the U.S., Australia, Canada, and New Zealand.

Software manufacturers should embed security principles during development, CISA concluded, advocating for secure-by-design configurations, which should reduce reliance on customer hardening.

“Software manufacturers should prioritize secure by design configurations to eliminate the need for customer implementation of hardening guidelines,” it said. “Additionally, customers should demand that the software they purchase is secure by design.”

For any organization fearing being targeted by Salt Typhoon (or any other Typhoon, for that matter), CISA’s guidance is a must-read.
