Friday, April 25, 2025

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches

The FBI has asked the public for information on the Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.

In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies in dozens of countries.

As revealed at the time, while they had access to the U.S. telecoms’ networks, the attackers also accessed U.S. law enforcement’s wiretapping platform and gained access to the “private communications” of a “limited number” of U.S. government officials.

On Thursday, the FBI issued a public service announcement seeking tips that could help identify and locate the Salt Typhoon hackers who targeted US telecommunications infrastructure.

“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale. This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests,” the FBI said.

“FBI maintains its commitment to protecting the US telecommunications sector and the individuals and organizations targeted by Salt Typhoon by identifying, mitigating, and disrupting Salt Typhoon’s malicious cyber activity. If you have any information about the individuals who comprise Salt Typhoon or other Salt Typhoon activity, we would particularly like to hear from you.”

In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom breaches.

The FBI also noted that the U.S. Department of State is offering a reward of up to $10 million through its Rewards for Justice (RFJ) program for information about government-linked foreign hackers tied to malicious cyber activities against U.S. critical infrastructure.

More Salt Typhoon telecom breaches

China’s Salt Typhoon cyber-espionage group (also tracked as Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286) has been breaching government entities and telecom companies since at least 2019.

In recent months, it also emerged that this state-backed hacking group is still actively targeting telecoms. Between December 2024 and January 2025, it breached more telecommunications companies worldwide by exploiting privilege escalation and Web UI command injection vulnerabilities in unpatched Cisco IOS XE network devices.

These additional breaches include a U.S. internet service provider (ISP), a U.S.-based affiliate of a U.K. telecommunications provider, an Italian ISP, a South African telecom provider, and a large Thai telecommunications provider.

Cisco has also revealed that the Chinese hackers use a custom malicious tool, JumbledPath, to stealthily monitor network traffic and likely capture sensitive data from compromised U.S. telecommunication providers’ networks.

In response to these breaches, U.S. authorities are considering banning TP-Link routers if an ongoing investigation finds their use in cyberattacks poses a national security risk. They are also reportedly planning to ban China Telecom’s last active operations in the United States.
