13 December 2024

China-linked spies are still lurking inside US telecommunications networks roughly six months after American officials started investigating the intrusions, according to those in the know.

This is the first time US officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure — and they’re proving difficult to kick out. Officials added that they don’t yet know the full scope of the intrusions.

The Cybersecurity and Infrastructure Security Agency and FBI have released guidance for the communications sector to harden their networks against state-sponsored hackers, including basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom’s environment and changing any default equipment passwords.

The hack has given Salt Typhoon unprecedented access to records from US telecommunications networks about who Americans are communicating with.

None of Salt Typhoon’s methods for hacking these networks appear to be new or highly sophisticated. Many of the ways they’re getting in align with existing weaknesses with the infrastructure that telecom providers rely on, said the official added. Politico reports that up to 80 telcos and internet providers have likely been affected by the sweeping hack.

The FBI and CISA officials say they don’t yet have a timeline for when US telcos will fully eradicate Salt Typhoon from their networks.