FBI is offering $10M for info on most-wanted hacking group
What's the story
The FBI has announced a $10 million reward for information about Salt Typhoon, a state-sponsored Chinese hacking group. The group infiltrated the sensitive networks of several US telecommunications companies last year. The information was revealed in an official statement by the agency on Thursday, where they also offered relocation assistance and other compensation to whistleblowers.
Group profile
Salt Typhoon: A state-sponsored hacking group
Salt Typhoon is one of the many hacking groups working for the People's Republic of China, as per the FBI. Intelligence agencies and private security firms have tied this group to several espionage attacks to collect critical data for future military conflicts. The FBI's investigation found that these hackers had breached networks, stealing call data logs, private communications of identified victims, and copying select information under court-ordered US law enforcement requests.
Cyber activities
Salt Typhoon's history and previous attacks
The Salt Typhoon group has been active since at least 2019. It has been tied to several breaches of telcos around the world, including in the US. One of the major attacks attributed to the group was reported by The Wall Street Journal last October, where they reportedly breached networks belonging to Verizon, AT&T, and Lumen/CenturyLink. The Washington Post later hinted Salt Typhoon may have accessed systems used for court-authorized wiretaps of communications networks during these incursions.
Information disclosure
US officials confirm breach by Salt Typhoon
In December, Biden administration officials revealed Salt Typhoon had breached telecom companies in several countries, including eight US telecom providers. The attacks were suspected to have been ongoing for one to two years. However, it remained unclear if the hackers had been fully removed from the breached networks. This information was disclosed as part of a wider investigation into the group's activities and their impact on global telecommunications security.
Cybersecurity concerns
Ongoing attacks and vulnerabilities exploited by Salt Typhoon
In February, researchers from Recorded Future's Insikt Group reported Salt Typhoon's campaigns had continued into the new year. They highlighted a series of attacks targeting internet-facing Cisco network devices used by telecom operators. The two main vulnerabilities exploited in this campaign were CVE-2023-20198 and CVE-2023-20273, both of which had received patches over a year before being exploited by Salt Typhoon.