Cyberbytes Daily

Chinese Salt Typhoon Hacked 8+ Telecoms To Stole U.S. Citizens Data

A Chinese hacking campaign, codenamed “Salt Typhoon” by Microsoft, has infiltrated more than 8 American telecommunications companies, stealing vast amounts of U.S. citizens’ phone data.

Officials describe it as one of the largest intelligence compromises in U.S. history.

The operation, significantly larger than previously known to the public, has affected dozens of countries worldwide and compromised the communications of a large number of Americans.

The cyberespionage campaign has given hackers access to multiple types of information:-

  1. Call records and metadata, particularly focusing on the Washington, D.C. area
  2. Live phone calls of specific targets
  3. Systems used for law enforcement and intelligence agency access (CALEA systems)

While besides this, the analyst at NBC News noted that among the known victims are the presidential campaigns of Donald Trump and Kamala Harris, as well as the office of Senate Majority Leader Chuck Schumer.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Government Response

Anne Neuberger, a deputy national security adviser, stated that the U.S. does not believe any of the affected telecoms have fully removed the hackers from their systems. This persistent threat poses a risk of ongoing compromises to communications until cybersecurity gaps are addressed.

U.S. officials, along with allies from Australia, Canada, and New Zealand, have released a public guide for telecommunications companies to protect themselves from Chinese hackers. The FBI is in the process of notifying Americans whose calls they believe were compromised, although not all affected individuals will be contacted.

In light of this unprecedented cyberattack, U.S. officials are urging Americans to take precautions:-

  • Use encrypted messaging apps for communications
  • Consider using cellphones that receive timely operating system updates
  • Implement responsibly managed encryption
  • Use phishing-resistant multi-factor authentication for email, social media, and collaboration tools

While China frequently denies responsibility for cyberattacks, the U.S. views this campaign as a massive but traditional espionage operation aimed at gathering intelligence on American politics and government.

The compromise has raised concerns about the vulnerability of telecommunications infrastructure and the need for enhanced cybersecurity measures globally.

The incident underscores the critical importance of robust cybersecurity practices and the ongoing challenges in protecting sensitive data in an increasingly interconnected world.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

The post Chinese Salt Typhoon Hacked 8+ Telecoms To Stole U.S. Citizens Data appeared first on Cyber Security News.

Tags

About Author

Chad Barr

Chad Barr is a visionary and executive leader, blending over two decades of expertise with a unique ability to demystify complex technical concepts. As a cybersecurity leader, prolific author, and director at AccessIT Group, Chad has empowered organizations across diverse industries to build resilient security frameworks. His engaging writing, speaking engagements, and thought leadership inspire proactive cybersecurity practices, making him a trusted voice in the ever-evolving digital landscape.

My Books

Cybersecurity News

  • Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
    by [email protected] (The Hacker News) on January 9, 2025 at 5:29 pm

    Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and

  • 5 Benefits Of A Malware Sandbox For Business Security
    by Balaji N on January 9, 2025 at 5:27 pm

    Imagine an employee receiving an email that looks completely legitimate, maybe it’s a fake invoice or a shipping update. They click on the attachment, and just like that, your network could be infected with ransomware, sensitive customer data stolen, or your entire system brought to a halt. It’s a nightmare scenario, but one that happens The post 5 Benefits Of A Malware Sandbox For Business Security appeared first on Cyber Security News.

  • Rapid Cyber Incident Response: Why Speed, Quality, and the Right Tools Matter
    by Kaaviya Ragupathy on January 9, 2025 at 4:48 pm

    As you probably know by now, it doesn’t really matter how big in size your business is, you’re going to be up against the risk of cyberattacks in some form or another. These can range in scope and scale with threats such as ransomware and phishing campaigns right through insider threats and advanced persistent attacks. The post Rapid Cyber Incident Response: Why Speed, Quality, and the Right Tools Matter appeared first on Cyber Security News.

  • Criminal IP Launches Real-Time Phishing Detection Tool on Microsoft Marketplace
    by Kaaviya Ragupathy on January 9, 2025 at 4:32 pm

    Criminal IP, a globally recognized Cyber Threat Intelligence (CTI) solution by AI SPERA, has launched its Criminal IP Malicious Link Detector add-in on the Microsoft Marketplace. This cutting-edge tool provides real-time phishing email detection and URL blocking for Microsoft Outlook, adding an essential layer of email security in the face of increasing cyber threats. Generative AI advancements The post Criminal IP Launches Real-Time Phishing Detection Tool on Microsoft Marketplace appeared first on Cyber Security News.

  • New AI Challenges Will Test CISOs & Their Teams in 2025
    by Josh Lemos on January 9, 2025 at 3:00 pm

    CISOs need to recognize the new threats AI can present — while also embracing AI-powered solutions to stay ahead of those threats.

Latest Posts

Categories

Tags

AI AWS ChatGPT Credit Card Fraud Cybercriminals Cyber News Cyber Security Cybersecurity News Data Breach Digital Transformation Gen AI IoT Nation-State Ransomware Security Skimmer Malware Starbucks