Salt Typhoon pwned ‘nearly every American’ • The Register

China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.

“There’s a good chance this espionage campaign has stolen information from nearly every American,” Michael Machtinger, deputy assistant director for the FBI’s cyber division, told The Register.

“There’s a thought among the public that if you don’t work in a sensitive area that the PRC might be interested in for its traditional espionage activities, then you are safe, they will not target you,” he said, during a Thursday interview with The Register. “As we have seen from Salt Typhoon, this is no longer an assumption that anyone can afford to make.”

The Beijing-backed spying campaign began at least in 2019 but wasn’t uncovered by US authorities until last fall. On Wednesday, US law enforcement and intelligence agencies along with those from 12 other countries warned the ongoing espionage activity expanded far beyond nine American telcos and government networks. According to Machtinger, at least 80 countries were hit by the digital intrusions.

Around 200 American organizations were compromised by the espionage activity, Machtinger said, including the previously disclosed telecommunications firms such as Verizon and AT&T.

Yesterday’s joint security alert also pointed the allies’ collective finger at three China-based entities affiliated with Salt Typhoon: Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology. These companies, and likely others, provide cyber products and services to China’s Ministry of State Security and People’s Liberation Army, the governments said.

“This is one of the most consequential cyber espionage breaches that we’ve ever seen in the United States,” Machtinger said.

“What this really underscores is that what the PRC is doing through these proxy actors is really reckless and unbounded, in a way that is significantly outside of the norms of what we see in the espionage space,” he added. “And that should really set off alarm bells for us — not only in the United States. The scale of indiscriminate targeting is unlike what we’ve seen in the past.”

This indiscriminate targeting, as the FBI and White House security officials have previously noted, allowed Beijing’s snoops to geo-locate millions of mobile phone users, monitor their internet traffic, and, in some cases, record their phone calls. Victims reportedly included President Donald Trump and Vice President JD Vance.

Machtinger declined to confirm whether Trump and Vance were among those surveilled, but did say that victims included more than 100 current and former presidential administration officials.

“As we look at the impact on the different sets of victims,” he said, Salt Typhoon collected “bulk information from millions of Americans.”

For the more targeted group of individuals, “most of whom are very high-profile, current and former presidential administration officials, and campaign appointees from both major political parties,” the data collection went much deeper, Machtinger added. “Down to intercepting actual content.”

In addition to Salt Typhoon, the feds over the past year have issued warnings about other Chinese cyber operations. These include Volt Typhoon intruders, who infected hundreds of outdated routers to build a botnet and break into US critical infrastructure facilities. The Beijing-backed crew, we would later learn, was prepositioning itself and readying destructive cyberattacks.

Another China-linked crew, Silk Typhoon, has spent more than a decade compromising IT and cloud providers to steal sensitive data from their government, technology, education, and legal and professional services customers.

China is not the only source of threats, Machtinger noted. Russia, Iran, and North Korea, along with home-grown and international cybercriminals and ransomware crooks, assault the computers and networks of both individuals and organizations every day.

“These actors are going to continue their efforts, and they’re going to get more sophisticated,” Machtinger said. “We need to make sure that we, a nation, are taking cybersecurity seriously, updating systems, removing end-of-life devices, and making it as hard and costly as possible for the myriad of actors that are out there to successfully compromise.” ®

