Chinese Hackers Allegedly Exploited Backdoors in US ISPs for Espionage

Investigations Reveal China-Backed Hackers Targeting Core Network Infrastructure Like ISPs Amid Escalating Cyber Threats.

Salt Typhoon, a Chinese state-sponsored hacking group, has allegedly breached multiple U.S. internet service providers (ISPs) in a campaign to establish persistence and carry out cyber espionage activities.

How the Breach Occurred

Reports suggest that the hackers employed sophisticated techniques, including exploiting zero-day vulnerabilities in network devices, to establish control over these critical services.

The breach allegedly targeted network equipment such as Cisco Systems routers, which are core network components of ISP infrastructure in the U.S.

The Wall Street Journal investigated whether the hackers breached Cisco security.

“Investigators are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet,” WSJ reported.

Cisco has since denied being breached, saying “no Cisco Routers were involved.”

Escalating Cyber Threats from Chinese Hackers

Salt Typhoon’s recent infiltration of U.S. ISPs is reminiscent of earlier attacks by Chinese hackers who aimed to intercept and gain access to critical information.

In December 2023, the FBI successfully disrupted a fraction of the network of Volt Typhoon, a hacking group with similar operations to Salt Typhoon, by taking down a botnet that had compromised hundreds of U.S.-based small-office and home-office routers.

Following the takedown, the FBI issued an advisory dissecting the group’s tactics, techniques, and procedures (TTPs), including its targeting of sectors such as Communications, Energy, and Water to gain control and possibly launch future attacks.

China has denied the allegations that it is behind both attacks, but the country continues to expand its efforts despite clear indications of its attacks.

Investigations Continue

U.S. authorities continue to investigate the full extent of Salt Typhoon’s activities as the risk posed by the Chinese-sponsored hacking group becomes increasingly apparent. They believe that the infiltration of ISPs threatens sensitive information and could lay the foundation for future attacks that disrupt critical services.

As cyber espionage becomes more prominent as a tool for gaining information, the challenge for governments and the private sector will be to identify and prevent these breaches before they lead to a state-wide cyber security disaster.