Add Charter Communications, Consolidated Communications and Windstream to the list of ISPs compromised by the Salt Typhoon hacking campaign. The list of compromised US telecom companies has expanded yet again, according to inside sources that spoke with Wall Street Journal reporters.
There is also now internal government discussion about the campaign having been in motion since at least late 2023. Salt Typhoon’s extensive penetration into US telecom companies has become a serious national security issue with seemingly no end in sight, though some of those impacted now say they have contained the damage and that only “high-profile” parties had their data exposed.
Insiders: Three more US telecom companies hit
The state of the impacted US telecom companies remains in flux. Some have yet to confirm their breaches. Others, such as T-Mobile, have said that customer data was not accessed by the hackers. Verizon said that only specific high-profile people in politics were targeted.
Salt Typhoon has been confirmed to have accessed a “lawful intercept” system used by law enforcement with search warrants, and their actions take place against the backdrop of a now years-long campaign by Chinese state-backed hackers to penetrate critical infrastructure and set up a long-term presence. A number of those other groups have been given the “Typhoon” moniker but seemingly have different focuses, such as penetrating energy companies to spy or prepare for further disruption should conflict between the two nations break out.
China, as always, acknowledges absolutely none of this. It has previously accused the US of making it all up as a smear campaign, and even claims that another group (Volt Typhoon) is actually run by the CIA. But the hacking campaigns have sent the US government scrambling to secure communications, with employees shifting to encrypted third-party apps for both work collaboration and personal communications. The campaign against critical infrastructure and government agencies has also extended to numerous other countries, as Salt Typhoon has set up a seeming international web of data exfiltration.
Salt Typhoon campaign continues to roll
The Salt Typhoon incidents appear to be prompting big cybersecurity changes for US telecom companies as well, with the FCC reportedly working on new requirements for the industry. The FBI and NSA have issued voluntary recommendations for bolstering cybersecurity in the meantime, and patching known vulnerabilities in routers (or replacing them entirely) should be the first item on the list given the known patterns of Chinese hackers. But social engineering and phishing must also be guarded against, and these require regular training exercises (on at least a monthly schedule, if not weekly).
The US telecom companies that appeared in the WSJ report are not as large as the “big three” carriers that have already been breached, but they each serve tens of millions of Americans. Charter is a well-known name in the cable television world and also offers high-speed internet, Windstream has millions of residential internet service customers throughout nearly half the country, and Consolidated Communications is a major fiber provider for both business and residential customers.
The most important takeaway is that the Salt Typhoon news is far from over, and that major US telecom companies and ISPs were likely at least targeted by the hackers at some point since 2023 if not outright compromised.
