The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released new guidance following reports that several major telecom companies were breached earlier this year. More precisely, AT&T, T-Mobile, Verizon, and Lumen Technologies were breached in an unprecedented attack by the Salt Typhoon threat group.
Salt Typhoon is an advanced persistent threat group believed to be operated by the Chinese government to conduct cyber-espionage campaigns. Active since 2019 and also tracked as Earth Estries, Ghost Emperor, King of World, FamousSparrow, and UNC2286, the group has been behind multiple large-scale attacks on hotels, government agencies, and telecom companies.
The NSA and CISA are still unsure when the initial attack on AT&T, T-Mobile, Verizon, and Lumen Technologies occurred. What is known is that Salt Typhoon compromised the private communications of a limited number of government officials, gained access to the US government’s wiretapping platform, and extracted customer call records and law enforcement request data.
We’re still waiting to hear about the scope of the breach, as the investigation is pending. That said, there are reports that Salt Typhoon’s activities might still be happening in the background. As noted by a senior CISA official, "We cannot say with certainty that the adversary has been evicted because we still don't know the scope of what they're doing. We're still trying to understand that, along with those partners."
In the meantime, the NSA and CISA have responded by publishing a long list of actions that telecom companies can take to safeguard their infrastructure. The recommendations mainly focus on hardening devices and improving overall network security to shrink the attack surface that Salt Typhoon exploited.
These recommended actions, including patching devices promptly, disabling all vulnerable protocols, limiting management connections and privileged accounts, protecting passwords and storing them securely, and using strong cryptography, are crucial in safeguarding networks against cyber threats.
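Several of the items in that list (disabling cleartext management protocols, restricting management connections, storing credentials as secrets rather than reversible passwords, and enforcing strong crypto) can be checked mechanically against a device's running configuration. The following Python script is an added example, not code from the guidance or from any vendor: it parses a constructed, IOS-style configuration (the syntax, hostnames, addresses and the `$9$placeholderhash` credential value are all assumptions for illustration) and reports each weak setting next to the hardened form it should take. The checks are deliberately simple string rules so the logic is easy to adapt to another platform's syntax.

```python
import re

# Constructed sample configuration in IOS-like syntax (assumed syntax, not a real
# device export). Every line below is a setting the guidance says to avoid.
WEAK_CONFIG = """\
hostname edge-rtr-1
enable password cisco123
username admin privilege 15 password 0 Admin2024
ip http server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

# The same device after hardening: SSH-only management restricted by ACL,
# hashed secrets, HTTPS instead of HTTP, SNMPv3 with auth/priv.
# "$9$placeholderhash" stands in for a real hashed secret.
HARDENED_CONFIG = """\
hostname edge-rtr-1
service password-encryption
enable secret 9 $9$placeholderhash
username admin privilege 15 secret 9 $9$placeholderhash
no ip http server
ip http secure-server
ip ssh version 2
snmp-server group netops v3 priv
access-list 10 permit 10.0.0.0 0.0.0.255
line vty 0 4
 transport input ssh
 access-class 10 in
 login local
"""

# (rule id, human-readable remediation, predicate over one stripped config line)
LINE_RULES = [
    ("TELNET_MGMT", "Telnet accepted on a management line; use 'transport input ssh'",
     lambda l: l.startswith("transport input") and "telnet" in l.split()),
    ("HTTP_MGMT", "Cleartext HTTP management enabled; use 'no ip http server' and HTTPS only",
     lambda l: l == "ip http server"),
    ("SNMP_COMMUNITY", "SNMPv1/v2c community string; migrate to SNMPv3 with auth/priv",
     lambda l: l.startswith("snmp-server community")),
    ("ENABLE_PASSWORD", "'enable password' is reversible; use 'enable secret'",
     lambda l: l.startswith("enable password")),
    ("USER_PLAINTEXT", "Local user stored with 'password'; use 'secret' (hashed)",
     lambda l: l.startswith("username") and " password " in l),
]

# Global commands that must be present somewhere in the configuration.
REQUIRED_GLOBAL = [
    ("SSH_V2", "ip ssh version 2", "SSH version 2 is not enforced"),
]


def parse_blocks(config):
    """Split an IOS-style config into (header, [child lines]) pairs.

    Unindented lines are top-level commands; indented lines belong to the
    preceding top-level command (e.g. the 'line vty 0 4' section).
    """
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_config(config):
    """Return a list of (rule id, offending line, remediation) findings."""
    findings = []
    blocks = parse_blocks(config)
    headers = [h for h, _ in blocks]
    all_lines = headers + [c for _, children in blocks for c in children]

    for line in all_lines:
        for rule_id, msg, predicate in LINE_RULES:
            if predicate(line):
                findings.append((rule_id, line, msg))

    for rule_id, required, msg in REQUIRED_GLOBAL:
        if required not in headers:
            findings.append((rule_id, required, msg))

    # Every vty section must restrict the sources allowed to open a management session.
    for header, children in blocks:
        if header.startswith("line vty"):
            if not any(c.startswith("access-class") for c in children):
                findings.append(("VTY_NO_ACL", header,
                                 "No 'access-class ... in' limiting management sources"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {len(audit_config(cfg))} finding(s)")
        for rule_id, line, msg in audit_config(cfg):
            print(f"  [{rule_id}] {line!r}: {msg}")
```

Run against the two constructed configurations, the weak one yields eight findings (one per weak line, plus the missing SSH v2 enforcement and the unrestricted vty section) and the hardened one yields none. In practice the same loop would be fed by an exported running-config and run on every change, so that a management protocol re-enabled by an intruder or by mistake is caught at the next audit rather than the next breach.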
CISA also highlights the importance of organizations’ ability to log, monitor, detect, and understand network activity. Since Salt Typhoon’s activity might still be ongoing, high visibility will allow network defenders to identify threats, abnormal behavior, and vulnerabilities.
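Visibility of that kind starts with collecting device syslog centrally and applying a few well-chosen rules to the management plane, since that is where an intruder with stolen credentials has to show up. The script below is an added example written for this article, not part of the CISA guidance: it parses constructed, IOS-style login and configuration-change messages (the message format, hostnames, addresses and the management subnet are assumptions for illustration) and raises alerts for a burst of failed logins from one source, an interactive login from outside the management network, and a configuration change made from outside it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Networks from which administrators are expected to connect (assumed value).
MGMT_ALLOWLIST = [ip_network("10.0.0.0/24")]
FAIL_THRESHOLD = 3               # failed logins from one source ...
FAIL_WINDOW = timedelta(minutes=5)  # ... within this window raise an alert

# Constructed syslog lines in an IOS-like format (assumed format, not real device output).
SAMPLE_LOGS = """\
2024-12-04T10:00:01Z edge-rtr-1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.0.15] [localport: 22]
2024-12-04T10:02:10Z edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.9] [localport: 22]
2024-12-04T10:02:40Z edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.9] [localport: 22]
2024-12-04T10:03:05Z edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.9] [localport: 22]
2024-12-04T10:03:30Z edge-rtr-1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 198.51.100.9] [localport: 22]
2024-12-04T10:05:12Z edge-rtr-1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.9)
2024-12-04T10:40:00Z edge-rtr-1 %SYS-5-CONFIG_I: Configured from console by netops on vty1 (10.0.0.15)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) %(?P<msg>[A-Z_]+-\d-[A-Z_]+): (?P<rest>.*)$")
LOGIN_RE = re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")
CONFIG_RE = re.compile(r"by (?P<user>\S+) on (?P<line>\S+) \((?P<src>[^)]+)\)")


def parse_event(line):
    """Turn one syslog line into a dict with ts, host, msg, user, src; None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    details = LOGIN_RE.search(m["rest"]) or CONFIG_RE.search(m["rest"])
    if not details:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "msg": m["msg"],
        "user": details["user"],
        "src": ip_address(details["src"]),
    }


def in_allowlist(ip):
    return any(ip in net for net in MGMT_ALLOWLIST)


def detect(log_text):
    """Return alerts as (rule, host, user, source) tuples, in log order."""
    alerts = []
    recent_failures = defaultdict(list)  # source ip -> timestamps inside FAIL_WINDOW

    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        src = ev["src"]
        trusted_source = in_allowlist(src)

        if ev["msg"] == "SEC_LOGIN-4-LOGIN_FAILED":
            window = [t for t in recent_failures[src] if ev["ts"] - t <= FAIL_WINDOW]
            window.append(ev["ts"])
            recent_failures[src] = window
            if len(window) == FAIL_THRESHOLD:   # alert once when the threshold is crossed
                alerts.append(("BRUTE_FORCE", ev["host"], ev["user"], str(src)))

        elif ev["msg"] == "SEC_LOGIN-5-LOGIN_SUCCESS" and not trusted_source:
            alerts.append(("LOGIN_OUTSIDE_MGMT", ev["host"], ev["user"], str(src)))

        elif ev["msg"] == "SYS-5-CONFIG_I" and not trusted_source:
            alerts.append(("CONFIG_CHANGE_OUTSIDE_MGMT", ev["host"], ev["user"], str(src)))

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample the rules fire three times: the third failure from 198.51.100.9 trips the brute-force threshold, the subsequent successful login from that address is flagged because it lies outside the management allowlist, and the configuration change made from the same session is flagged for the same reason; the routine change by netops from 10.0.0.15 produces nothing. The ordering matters for an analyst, since failures, then success, then a configuration change from one untrusted source is exactly the sequence that should be escalated rather than triaged as noise.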