Hackers from the Chinese group Salt Typhoons have been intercepting communications from AT&T, Lumen and Verizon customers for months, NBC reports . The channel cites sources from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) as sources. According to the sources, the attack has not yet been remediated and customers should use encrypted messaging apps.
The attack, as we understand from the sources’ statements, is not a massive attack like a DDoS aimed at interrupting the service. The hacker group’s action is more like an attempt at espionage — even though it brings losses to customers and intense work for the telecoms security team.
What data are hackers looking for?
According to sources consulted by NBC , the Salt Typhoon group seeks to steal metadata from phones (which allows them to discover the line number), call recordings and call interceptions. This last case targets specific people, such as members of Donald Trump’s campaign, Kamala Harris and Chuck Schumer, the leader of the majority in the US Senate.
Most of the Salt Typhoon targets are phones located in the Washington, D.C., area. The FBI does not disclose which accounts were alerted to the attack on their phones, but Schumer was one of the targets who revealed the information to NBC in October — the month the attacks began.
Who is Salt Typhoon?
The hacker group Salt Typhoon, according to the FBI, has ties to the Chinese government. This name was given to it by Microsoft, but other cybersecurity companies call it by other names. ESET , for example, named the group FamousSparrow.
Salt Typhoon is yet another player in the power struggle between China, the United States and Russia, as well as North Korea. These countries carry out cyberattacks and hacking operations as a strategy for espionage and to harm their rivals’ services — although the US, like other nations, denies involvement in the attacks and groups.
