Chinese cyber attackers have reportedly carried out a very serious security intrusion in the United States. The information comes from The Wall Street Journal, which reports that a group known as Salt Typhoon has managed to infiltrate the networks of several telecommunications providers in the country. There is also talk of “potential” access to information from the wiretapping system used by security agencies.
At the time of publishing this article there are no official statements regarding the alleged incident, although multiple sources have provided information to the aforementioned newspaper on condition of anonymity. They explain that the intrusion was discovered in recent weeks and that it is still under investigation by the Government and security analysts from the companies involved, including Verizon, AT&T and Lumen.
If confirmed, we will be facing an attack of historic magnitude
People with knowledge of the matter indicated that the attackers could have had access to the network infrastructure of telecom providers for months or longer. This has set off alarm bells in Washington, where they fear an increased national security risk. An intrusion of this kind by nation-state attackers does not go unnoticed because it strikes at the root of something as important as communications.
As if this were not enough, there is, as mentioned, a possibility that Salt Typhoon has had access to confidential information about wiretapping carried out by US security agencies. Part of the compromised information would be, precisely, the court orders that allow, for example, the FBI to intercept telephone calls in certain types of investigations contemplated in current legislation.
While sources note that work is still being done to understand the magnitude of the attack, there are indications that the attackers have collected a huge amount of internet traffic from service providers. A point to highlight is that these providers, in turn, have both large and small companies as clients, as well as millions of customers. It is also mentioned that the campaign was extended in a limited way to other countries.
This alleged security incident, described as “catastrophic” by some within the government, leaves many questions unanswered. One of them, of course, is what Achilles heel allowed such a security problem. For now, work is being done to find out whether the attackers breached part of Cisco’s network infrastructure, a key piece for the affected telecommunications companies.
Cory Doctorow, journalist and digital activist, has not hesitated to point to the Communications Assistance for Law Enforcement Act (CALEA), a law from the Bill Clinton administration that forced operators to modify their systems to allow law enforcement agencies to intercept traffic for investigations. Doctorow points out that CALEA ended up hurting infrastructure security.
This is not the first time Salt Typhoon has appeared on the scene. The group has been active since 2020 and has carried out several attacks. Microsoft's cybersecurity group has defined it as a “nation-state” group linked to China, that is, actors acting for the benefit of their sponsors. Typically, these types of attackers target government agencies and critical infrastructure companies.