What you need to know about the Salt Typhoon hack

Illustration: Shoshana Gordon/Axios
The Salt Typhoon cyberattack that reportedly targeted U.S. wiretap systems could be one of the most damaging China-backed cyber espionage campaigns ever, per The Wall Street Journal.
Why it matters: The hack may have given the Chinese government unprecedented access to U.S. foreign-intelligence surveillance systems and electronic communications that major internet service providers like Verizon and AT&T collect based on U.S. court orders.
Threat level: The hackers were able to obtain highly sensitive intelligence and law enforcement data, per reports.
- Jamil Jaffer, a former White House national security official and executive director of the National Security Institute at George Mason University's Scalia Law School, told The Wall Street Journal that this could be "a counterintelligence failure of the highest order."
Catch up quick: Salt Typhoon is only one of several advanced persistent threats (APTs) believed to be backed by Beijing.
- There are several "typhoon" threats, a moniker Microsoft uses to track different Chinese-backed campaigns based on their tactics and procedures.
- Salt Typhoon has been active since 2020, according to Microsoft research cited by the Journal.
- Volt Typhoon has persistently infiltrated U.S. infrastructure, with reports showing that attackers maintained access to critical U.S. systems for "at least five years."
- Flax Typhoon targets home routers, firewalls, storage devices, and Internet of Things devices like cameras and video recorders and has been active since 2021, according to the Department of Justice.
Between the lines: Salt Typhoon reportedly gained access to Verizon, AT&T and Lumen Technologies by exploiting systems used for lawful wiretapping, which are designed to comply with government surveillance requests.
- The Electronic Frontier Foundation says the "backdoors" used by Salt Typhoon were likely created to help companies comply with the Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications companies to cooperate with legal orders by law enforcement and national security agencies.
Zoom out: Critics of legally mandated "back doors" intended for lawful surveillance have always argued that bad actors will eventually find ways to compromise such designs.
- So far, the Salt Typhoon saga appears to confirm that argument.
What they're saying: Last week Sen. Ron Wyden (D-Ore.), a frequent critic of government surveillance techniques, sent a letter urging FCC Chairwoman Jessica Rosenworcel and Attorney General Merrick Garland to "recognize the failure of its current approach to combating cyberattacks" and investigate cybersecurity practices at companies that were attacked.
- Bipartisan leaders in the House Energy and Commerce Committee also wrote letters to AT&T, Verizon and Lumen Technologies, saying the committee needed "to understand better how this incident occurred" and what steps the companies are taking to secure customer data.
- Chairman John Moolenaar (R-Mich.) and Rep. Raja Krishnamoorthi (D-Ill.) of the House Select Committee on the Strategic Competition between the United States and the Chinese Communist Party also sent a letter to the CEOs, requesting a closed-door briefing to learn more about when the companies discovered the attack.
