A purported Chinese hacking collective, Salt Storm, allegedly linked to the Ministry of State Security, is said to have been secretly embedded within US computer systems for an extended period, with attempts to eject them proving unsuccessful thus far.
According to a newly released report, and , Specifically, we’ve notified clients whose names and communications were intercepted without authorization. A relatively modest proportion of affected individuals were among those whose personal data, specifically metadata, was compromised.
Hackers affiliated with Salt Storm gained unauthorized access to metadata records of more than a million individuals, predominantly located in and around Washington, D.C. Metadata includes information gathered about cellphone calls and messages, encompassing details like caller IDs, timestamps, and geographical coordinates.
Metadata doesn’t encompass dialogue content or tie phone numbers to specific clients; yet, it can still hold immense value for intelligence agencies familiar with their target’s numbers. Researchers will utilize the data to map out an individual’s travel routes and analyze patterns of connectivity between people.
Despite having access to sensitive client data, the FBI’s lack of transparency is unlikely to prompt either company into taking swift action to notify their affected customers.
Suppliers and carriers, regardless of the timeframe in question, are obligated to promptly notify their customers about compromised data. The responsibility may occasionally lie with CISA and the FBI rather than always falling to them.
Notably, the primary target of the Salt Storm is comprised of outstanding U.S. residents, including prominent politicians and authorities officials. The group allegedly breached systems containing software used by the federal government for legal wiretapping purposes. President-elect Donald Trump and Vice President-elect J.D. Vance’s campaigns are among those featured in this analysis.
