The FBI has issued a public appeal for information regarding an ongoing cyber campaign targeting US telecommunications infrastructure, believed to be orchestrated by individuals associated with the People’s Republic of China (PRC). This cyber operation, known as Salt Typhoon, has successfully breached networks at multiple US telecommunications companies, resulting in the theft of sensitive data. As the investigation progresses, the FBI is reaching out to the public for assistance in identifying those responsible for these malicious activities.
The Salt Typhoon campaign, which has been under scrutiny for several months, is part of a larger effort by PRC-affiliated threat actors to exploit vulnerabilities within critical US telecommunications infrastructure. The FBI’s investigation, designated under alert number I-042425-PSA, has uncovered that attackers have accessed substantial amounts of data. This includes call data logs, private communications involving government officials and political figures, and specific information requested by US law enforcement through court orders. The probe suggests a global reach, with the malevolent actors potentially targeting individuals and organizations worldwide.
Earlier alerts from the FBI in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) and other government bodies on October 25, 2024, and November 13, 2024, highlighted the threat posed by Salt Typhoon. Furthermore, on December 3, 2024, a comprehensive guide titled “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” was released, offering crucial advice for telecommunications providers to fortify defenses against PRC-affiliated cyber threats.
In response to the cybersecurity challenge presented by Salt Typhoon, the FBI is collaborating closely with industry partners and US government agencies to mitigate the impact of these activities. The agency is soliciting specific information that could lead to the identification of the individuals involved in this campaign, urging those with pertinent knowledge to come forward and share relevant details.
Moreover, the US Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information that leads to the identification of individuals associated with foreign government-directed cyberattacks on US critical infrastructure. This initiative underscores the US government’s dedication to exposing and prosecuting those engaged in cyber espionage and other malicious acts in violation of the Computer Fraud and Abuse Act (CFAA).
The Salt Typhoon campaign has already been associated with several major incidents where PRC-affiliated actors infiltrated commercial telecommunications infrastructure to steal data. The espionage effort primarily targeted individuals with ties to government and political operations, although the full extent of the damage is yet to be fully understood. The FBI and CISA have been assisting affected companies by providing technical support and sharing information to assist other potential victims in safeguarding themselves.
To reinforce cyber defenses in the telecommunications sector, the FBI is collaborating with international agencies to enhance the visibility and resilience of global telecommunications infrastructure. The US has also engaged with agencies in Australia, Canada, and New Zealand to exchange insights on defensive measures and bolster global cybersecurity efforts. These coordinated actions aim to reduce the vulnerability of critical telecommunications infrastructure worldwide to Salt Typhoon and other cyber threats.
As the investigation progresses, organizations that suspect they have been targeted by Salt Typhoon or similar campaigns are encouraged to promptly contact their local FBI field offices. Individuals with information regarding the identities or activities of those behind Salt Typhoon can securely report their tips through the FBI’s Internet Crime Complaint Center (IC3) or the Rewards for Justice program’s secure channels. The ongoing collaboration between government agencies and the private sector is crucial in safeguarding US telecommunications networks from further cyber threats.
In conclusion, the FBI’s efforts to disrupt the Salt Typhoon campaign underscore the significance of collective action in combating cyber threats. By remaining vigilant and proactive, organizations can strengthen their defenses against malicious actors seeking to exploit vulnerabilities in critical infrastructure. The ongoing collaboration and exchange of information between government entities and private sector stakeholders are instrumental in safeguarding the integrity of telecommunications networks and data from cyber intrusions and espionage activities.