FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countries

The FBI has released a critical security alert, warning that the infamous hacking collective known as Salt Typhoon is intensifying its cyber operations worldwide.

According to the agency, this Chinese state-backed group has been conducting widespread attacks across numerous sectors, with a primary focus on high-capacity backbone routers used by major telecom providers. The threat actors are also targeting provider edge (PE) and customer edge (CE) routers to gain strategic access points within networks.

Beyond direct breaches, the hackers are exploiting compromised devices and trusted network relationships to move laterally into other systems. By reconfiguring router settings, they establish persistent backdoors that allow long-term surveillance and data collection.

The group has ties to several China-based firms—Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology—all of which supply cybersecurity tools and services to China’s Ministry of State Security and the People’s Liberation Army.

"Back in the fall, the FBI and CISA traced intrusions at multiple U.S. telecommunications companies to PRC-linked operatives identified as Salt Typhoon. Active since at least 2019, these actors have carried out an extensive cyber-espionage operation, undermining global standards for telecommunications privacy and security," stated Brett Leatherman, assistant director of the FBI’s Cyber Division.

"Today’s Joint Cybersecurity Advisory aims to equip defenders with actionable intelligence to prevent, detect, and respond to these threats. Combined with guidance issued in late 2024, it provides concrete steps to enhance network visibility and identify malicious behavior early."

Salt Typhoon's reach more extensive than prior estimates

Alarmingly, the FBI revealed that the scale of Salt Typhoon’s campaign far exceeds earlier assessments, affecting no fewer than 60 organizations across 80 countries.

“Beijing’s broad targeting of private communications underscores the need for stronger coordination with international partners to detect and disrupt such activities at the earliest possible stage,” Leatherman emphasized.

“If your organization suspects it may have been compromised by Salt Typhoon—or any malicious cyber actor—I urge you to reach out to your nearest FBI field office immediately.”

This latest advisory follows a recent Department of Defense (DoD) report exposing a prolonged cyber intrusion by Salt Typhoon into U.S. National Guard networks.

In July, the DoD disclosed that the group had infiltrated the network of an unnamed state National Guard unit and remained undetected for nearly 12 months.

During that time, the attackers are believed to have accessed and stolen sensitive military and law enforcement information.

Defensive measures against Salt Typhoon

The advisory outlines the group’s typical attack methodology: initial entry through unpatched vulnerabilities in networking infrastructure.

Once inside a system, the hackers modify access control lists, create elevated-privilege user accounts, and activate remote administration features to solidify their foothold before expanding movement across the network.

Unlike financially motivated cybercriminals, Salt Typhoon’s objectives center on intelligence gathering, specifically targeting telecom operators, government agencies, and defense systems.

That said, healthcare institutions have also emerged as potential targets.

“This alert exposes one of the most expansive state-sponsored cyber espionage campaigns ever linked to the Chinese government,” warned John Riggi, national cybersecurity advisor for the American Hospital Association (AHA).

“U.S. healthcare organizations could face direct or indirect consequences from this espionage, including disruptive attacks on critical infrastructure. They must take immediate action to detect, isolate, remediate, and report instances of these malware variants—whether found on internal systems or third-party service providers—to the FBI.”

Don’t forget to follow php.cn on Google News for continuous updates on our latest tech news, in-depth analysis, and reviews.

The above is the detailed content of FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countries. For more information, please follow other related articles on the PHP Chinese website!