SoylentNews is people

posted by Fnord666 on Monday December 02, @01:23PM

Arthur T Knackerbracket has processed the following story:

The reach of the China-linked Salt Typhoon gang extends beyond telecommunications giants in the United States, and its arsenal includes several backdoors – including a brand-new malware dubbed GhostSpider – according to Trend Micro researchers.

While the crew has made headlines recently for hacking "thousands and thousands" of devices at US telcos, research published on Monday by Trend Micro's threat intel team suggests Salt Typhoon (which Trend tracks as Earth Estries) has also hit more than 20 organizations globally since 2023. These span various sectors – including technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.

Affected countries include Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the US, and Vietnam.

It's "one of the most aggressive Chinese advanced persistent threat (APT) groups," Trend Micro's Leon Chang, Theo Chen, Lenart Bermejo, and Ted Lee wrote.

"We found that in 2023, the attackers had also targeted consulting firms and NGOs that work with the US federal government and military," the threat intel team observed.

These intrusions not only compromised telcos' database and cloud servers, but also attacked the firms' suppliers – in at least one instance implanting the Demodex rootkit on machines used by a major contractor to a dominant regional telecommunications provider. Trend Micro's analysts think that shows Salt Typhoon wanted to gain access to more targets.



Related Stories

Chinese Salt Typhoon Hackers 1st Spotted on Federal Networks Under Another Name 10 comments

With the help of tipsters, the cybersecurity agency was able to 'connect the dots' to crack what has been called one of the worst telecom hacks in US history:

Chinese state-backed cyber espionage group Salt Typhoon, which has been in the news for its breach of U.S. telecom firms, was first discovered on the federal network using a different name, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).

"We saw it as a separate campaign called another goofy cyber name. And we were able to—based on the visibility that we had within the federal networks—to be able to connect some dots," she said during a discussion at the Foundation for Defense of Democracies on Jan. 15.

[...] The earlier identification under a different name enabled officials to connect the dots with the help of tipsters from the private sector, which Easterly said ultimately "led to kind of cracking open the larger Salt Typhoon piece."

[...] On Jan. 17, the U.S. Treasury Department announced it was sanctioning Chinese cybersecurity company Sichuan Juxinhe Network Technology Co. for "direct involvement in the Salt Typhoon cyber group."

"Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security," the Treasury Department said.

The Treasury Department also sanctioned Shanghai-based hacker Yin Kecheng, who was allegedly behind a major breach of the department's network in early December. The cyber actor is affiliated with China's Ministry of State Security, the department said.


US House to Vote to Provide $3 Billion to Remove Chinese Telecoms Equipment 24 comments

From reuters.com:

The U.S. House of Representatives is set to vote next week on an annual defense bill that includes just over $3 billion for U.S. telecom companies to remove equipment made by Chinese telecoms firms Huawei and ZTE (000063.SZ) from American wireless networks to address security risks.

The 1,800-page text was released late Saturday and includes other provisions aimed at China, including requiring a report on Chinese efforts to evade U.S. national security regulations and an intelligence assessment of the current status of China's biotechnology capabilities.

The Federal Communications Commission has said removing the insecure equipment is estimated to cost $4.98 billion but Congress previously only approved $1.9 billion for the "rip and replace" program.

Washington has aggressively urged U.S. allies to purge Huawei and other Chinese gear from their wireless networks.

FCC Chair Jessica Rosenworcel last week again called on the U.S. Congress to provide urgent additional funding, saying the program to replace equipment in the networks of 126 carriers faces a $3.08 billion shortfall "putting both our national security and the connectivity of rural consumers who depend on these networks at risk."

She has warned the lack of funding could result in some rural networks shutting down, which "could eliminate the only provider in some regions" and could threaten 911 service.

Competitive Carriers Association CEO Tim Donovan on Saturday praised the announcement, saying "funding is desperately needed to fulfill the mandate to remove and replace covered equipment and services while maintaining connectivity for tens of millions of Americans."

In 2019, Congress told the FCC to require U.S. telecoms carriers that receive federal subsidies to purge their networks of Chinese telecoms equipment. The White House in 2023 asked for $3.1 billion for the program.

Senate Commerce Committee chair Maria Cantwell said funding for the program and up to $500 million for regional tech hubs will be covered by funds generated from a one-time spectrum auction by the FCC for advanced wireless spectrum in the band known as AWS-3 to help meet rising spectrum demands of wireless consumers.


This discussion was created by Fnord666 (652) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Monday December 02, @04:26PM (#1384011)

    Sigh, so what have we proved other than what was predicted? I guess the real question is how much shit will hit the fan?
