Introduction

The national cyber security agencies of New Zealand and Australia have issued a warning regarding a significant hacking operation by the Chinese state-sponsored group, Salt Typhoon [1] [2] [3] [4]. This operation has targeted telecommunications companies worldwide, raising concerns about unauthorized access to sensitive communications and data.

Description

New Zealand’s national cyber security agency (NCSC-NZ) [2], in collaboration with the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) [1], has issued a warning about a mass hacking operation conducted by the Chinese state-sponsored Salt Typhoon hacking group [2]. This operation has targeted telecommunications companies globally [4], following reports of unauthorized access to phone conversations [1], text messages [1] [2], and related records of US residents [1]. The operation mirrors a recent attack on US telecom services [2], which involved eavesdropping on communications and stealing user data. Anne Neuberger, US Deputy National Security Advisor for Cyber and Emerging Tech [4], confirmed that “dozens of countries” have been impacted [4], with New Zealand [2] [4], the US [1] [2] [4], Canada [3] [4], and Australia specifically identified as confirmed targets [4].

In response to the Salt Typhoon threat, the Cybersecurity and Infrastructure Security Agency [3], National Security Agency [3] [4], and FBI [3], along with counterparts in Australia [3], New Zealand [1] [2] [3] [4], and Canada [3], issued guidance titled “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” [3]. This guidance emphasizes best cybersecurity practices for organizations to help mitigate the impact of the Salt Typhoon attack and potential future attacks [3].

The advisory from NCSC-NZ follows consultations with US cyber security agencies [2], which reported that Salt Typhoon has infiltrated major telecom and broadband operations in the USA [2]. It highlights the need for New Zealand organizations [2], particularly those with on-premises enterprise equipment [2], to adopt best practices for protection against such threats [2]. The US has expressed significant concern over the exploit [2], which has affected a considerable number of individuals [2], although it is not believed to involve every cell phone in the country [2]. Verizon [2], a leading US mobile operator [2], acknowledged awareness of a sophisticated attack on its networks weeks prior [2].

Additionally, the Australian government has attributed numerous cyber attacks to the China-backed Salt Typhoon group [1], with around 2,400 devices in Australia reportedly compromised [1]. Another state-sponsored group identified as APT40 has also been implicated in a series of cyber incidents [1]. The NCSC-NZ advisory is part of ongoing warnings regarding cyber attacks targeting New Zealand’s infrastructure [2], which the government attributes to China [2]. The US is currently investigating the extent of this hacking campaign [1].

Conclusion

The Salt Typhoon hacking operation underscores the growing threat of state-sponsored cyber attacks on global telecommunications infrastructure. The collaborative response from international cyber security agencies highlights the importance of adopting robust cybersecurity measures to mitigate such threats. As investigations continue, affected countries must remain vigilant and proactive in strengthening their defenses against future cyber incidents.

References

[1] https://ia.acs.org.au/article/2024/aussie-telcos-warned-of-china-backed-phone-hacking.html
[2] https://www.cybersecurityintelligence.com/blog/new-zealand-warns-of-impending-mass-hacking-operation-8116.html
[3] https://umbc.edu/stories/what-is-salt-typhoon-a-security-expert-explains-the-chinese-hackers-and-their-attack-on-us-telecommunications-networks/
[4] https://me.mashable.com/tech/49777/what-is-salt-typhoon-everything-you-need-to-know-about-the-worst-telecom-hack-in-us-history