China-linked hackers breach US internet providers in new ‘Salt Typhoon’ cyberattack
Summary
The hacking campaign is the latest in a series of incursions that U.S. investigators have tied to China in recent years.
Hackers linked to the Chinese government have broken into a handful of U.S. internet service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.
The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.
In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.
Last week, U.S. officials said that they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure.
“The cyber threat posed by the Chinese government is massive,” said FBI Director Christopher Wray, speaking earlier this year at a security conference in Germany. “China’s hacking program is larger than that of every other major nation, combined.”
U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China’s actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.’s ability to mobilize support for Taiwan in the event that Chinese President Xi Jinping orders his military to invade the island.
Officials have repeatedly said that what the private sector and government agencies know about Chinese intrusions into critical infrastructure is likely the “tip of the iceberg” because of how stealthy and sophisticated the hackers have been.
China has routinely denied allegations from Western governments and technology firms that it relies on hackers to break into foreign government and business computer networks. The Chinese embassy in Washington didn’t immediately respond to a request for comment.
China’s state-backed hackers have long shown an interest in compromising global telecommunications infrastructure. A report published in 2019 by Cybereason, a U.S. cybersecurity firm, found that Chinese spies had hacked into the cellular networks of at least 10 global carriers to steal geolocation data as well as text messaging records and call logs.
Write to Sarah Krouse at sarah.krouse@wsj.com, Robert McMillan at robert.mcmillan@wsj.com and Dustin Volz at dustin.volz@wsj.com