China-backed groups infiltrated 'multiple' telcos, FBI warns • The Register

<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>China-backed groups infiltrated 'multiple' telcos, FBI warns • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2024/11/13/shutterstock_china_flag_binary_code.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/" /> <meta property="og:title" content="China-backed groups infiltrated 'multiple' telcos, FBI warns" /> <meta property="og:description" content="Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/"}, "headline":"Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'", "datePublished":"2024-11-14T01:54:11Z", "dateModified":"2024-11-16T01:27:21Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2024/11/13/shutterstock_china_flag_binary_code.jpg","width":"1200","height":"600"}, "author":{"@type":"Person","name":"Jessica Lyons"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" href="https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/"> <link rel="amphtml" href="https://www.theregister.com/AMP/2024/11/14/salt_typhoon_hacked_multiple_telecom/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <script> var RegArticle={id:237241,pf:0,af:0,bms:0,sec:'security/research',cat:'update_me',ec:['cisco'],kw:[["china",'China'],["cybercrime",'Cybercrime'],["cybersecurity and infrastructure security agency",'Cybersecurity and Infrastructure Security Agency'],["fbi",'FBI'],["security",'Security']],kwp:[["apac",'APAC'],["federal government of the united states",'Federal government of the United States'],["united states department of justice",'United States Department of Justice']],short_url:'https://reg.cx/4f2d',cp:0,noads:[],author:'Jessica Lyons'} </script> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/design.css"> <style> #nav-security, #nav-security-research { text-decoration: underline !important; } </style> <link rel='stylesheet' type='text/css' href='/css/e5c206ed408f082870465a2c478e657ff0db3937/story_only.css'> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/security/research/headlines.atom" title="The Register: Research section"> <script> var RegCR = false; </script> <script src="/design_picker/14513432720673f1c1ee02761ba265b674b7bee1/javascript/_.js"></script> <script> RegGPT('reg_security/research','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Story' data-iebrowser='7' data-pagenum="0"> <div id="page"> <div data-oop="1" data-pos="top" data-raptor="kite" aria-hidden="true" class="adun"></div> <div id="masthead"> <div class="los_amigos"> <div class="left_nav"> <a id="mob_user_link" href="https://account.theregister.com/register/" aria-label="Your Account"> <img class="account_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg" alt=""> <img class="filled_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_filled_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg" alt=""> <span id="mob_user_text"><span>Sign in / up</span></span> </a> </div> <div class="center_nav"> <a href="https://www.theregister.com/" id="logo"> <img src="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.png" srcset="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg" width="190" height="35" alt="The Register® — Biting the hand that feeds IT"> </a> </div> <div class="right_nav"> <a href="https://search.theregister.com/" class="nav_search topnav_elem" data-name="Search" aria-label="Search"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg" alt=""> </a> <div id="site_nav_mobile"> <noscript><div id="site_nav_mobile_hiding_stamp"></div></noscript> <button id="mobile_menu_toggle" aria-label="Open menu" type="button"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg" alt=""> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg" alt=""> </button> </div> </div> </div> <div id="top_panel_wrapper"> <div id="top_panel"> <div class="block_section nav"> <div class="nav_col first_col"> <div class="nav_top_group"> <div class="nav_topics"> <div class="nav_head_bk"> <h2 class="main_head">Topics</h2> </div> <div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem mob_only">Security</a> <h2 class="desk_only section_nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem desk_only">Security</a> </h2> </div> </div><div id="subnav-box-nav-security" class="subnav_box"><a href="https://www.theregister.com/security/" class="subnav_elem" id="nav-security-all"><span class="prefix_all">All </span>Security</a><a href="https://www.theregister.com/security/cyber_crime/" class="subnav_elem" id="nav-security-cyber_crime">Cyber-crime</a><a href="https://www.theregister.com/security/patches/" class="subnav_elem" id="nav-security-patches">Patches</a><a href="https://www.theregister.com/security/research/" class="subnav_elem" id="nav-security-research">Research</a><a href="https://www.theregister.com/security/cso/" class="subnav_elem" id="nav-security-cso">CSO</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem mob_only">Off-Prem</a> <h2 class="desk_only section_nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem desk_only">Off-Prem</a> </h2> </div> </div><div id="subnav-box-nav-off_prem" class="subnav_box"><a href="https://www.theregister.com/off_prem/" class="subnav_elem" id="nav-off_prem-all"><span class="prefix_all">All </span>Off-Prem</a><a href="https://www.theregister.com/off_prem/edge_iot/" class="subnav_elem" id="nav-off_prem-edge_iot">Edge + IoT</a><a href="https://www.theregister.com/off_prem/channel/" class="subnav_elem" id="nav-off_prem-channel">Channel</a><a href="https://www.theregister.com/off_prem/paas_iaas/" class="subnav_elem" id="nav-off_prem-paas_iaas">PaaS + IaaS</a><a href="https://www.theregister.com/off_prem/saas/" class="subnav_elem" id="nav-off_prem-saas">SaaS</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem mob_only">On-Prem</a> <h2 class="desk_only section_nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem desk_only">On-Prem</a> </h2> </div> </div><div id="subnav-box-nav-on_prem" class="subnav_box"><a href="https://www.theregister.com/on_prem/" class="subnav_elem" id="nav-on_prem-all"><span class="prefix_all">All </span>On-Prem</a><a href="https://www.theregister.com/on_prem/systems/" class="subnav_elem" id="nav-on_prem-systems">Systems</a><a href="https://www.theregister.com/on_prem/storage/" class="subnav_elem" id="nav-on_prem-storage">Storage</a><a href="https://www.theregister.com/on_prem/networks/" class="subnav_elem" id="nav-on_prem-networks">Networks</a><a href="https://www.theregister.com/on_prem/hpc/" class="subnav_elem" id="nav-on_prem-hpc">HPC</a><a href="https://www.theregister.com/on_prem/personal_tech/" class="subnav_elem" id="nav-on_prem-personal_tech">Personal Tech</a><a href="https://www.theregister.com/on_prem/cxo/" class="subnav_elem" id="nav-on_prem-cxo">CxO</a><a href="https://www.theregister.com/on_prem/public_sector/" class="subnav_elem" id="nav-on_prem-public_sector">Public Sector</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem mob_only">Software</a> <h2 class="desk_only section_nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem desk_only">Software</a> </h2> </div> </div><div id="subnav-box-nav-software" class="subnav_box"><a href="https://www.theregister.com/software/" class="subnav_elem" id="nav-software-all"><span class="prefix_all">All </span>Software</a><a href="https://www.theregister.com/software/ai_ml/" class="subnav_elem" id="nav-software-ai_ml">AI + ML</a><a href="https://www.theregister.com/software/applications/" class="subnav_elem" id="nav-software-applications">Applications</a><a href="https://www.theregister.com/software/databases/" class="subnav_elem" id="nav-software-databases">Databases</a><a href="https://www.theregister.com/software/devops/" class="subnav_elem" id="nav-software-devops">DevOps</a><a href="https://www.theregister.com/software/oses/" class="subnav_elem" id="nav-software-oses">OSes</a><a href="https://www.theregister.com/software/virtualization/" class="subnav_elem" id="nav-software-virtualization">Virtualization</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem mob_only">Offbeat</a> <h2 class="desk_only section_nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem desk_only">Offbeat</a> </h2> </div> </div><div id="subnav-box-nav-offbeat" class="subnav_box"><a href="https://www.theregister.com/offbeat/" class="subnav_elem" id="nav-offbeat-all"><span class="prefix_all">All </span>Offbeat</a><a href="https://www.theregister.com/Debates/" class="subnav_elem" id="nav-offbeat-debates">Debates</a><a href="https://www.theregister.com/offbeat/columnists/" class="subnav_elem" id="nav-offbeat-columnists">Columnists</a><a href="https://www.theregister.com/offbeat/science/" class="subnav_elem" id="nav-offbeat-science">Science</a><a href="https://www.theregister.com/offbeat/geeks_guide/" class="subnav_elem" id="nav-offbeat-geeks_guide">Geek's Guide</a><a href="https://www.theregister.com/offbeat/bofh/" class="subnav_elem" id="nav-offbeat-bofh">BOFH</a><a href="https://www.theregister.com/offbeat/legal/" class="subnav_elem" id="nav-offbeat-legal">Legal</a><a href="https://www.theregister.com/offbeat/bootnotes/" class="subnav_elem" id="nav-offbeat-bootnotes">Bootnotes</a><a href="https://www.theregister.com/offbeat/site_news/" class="subnav_elem" id="nav-offbeat-site_news">Site News</a><a href="https://www.theregister.com/offbeat/about_us/" class="subnav_elem" id="nav-offbeat-about_us">About Us</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div> </nav> </div> </div> </div> <div class="nav_bottom_group"> <div class="nav_bottom_section nav_special_features"> <div class="nav_head_bk"> <a href="#subnav-box-nav-special_features" data-toggle-for="subnav-box-nav-special_features" id="nav-special_features" class="topnav_elem mob_only">Special Features</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Special Features</span> </h2> </div> <nav> <div class="nav_elem"> <div id="subnav-box-nav-special_features" class="subnav_box"> <a href="https://www.theregister.com/special_features">All Special Features</a> <a href="https://www.theregister.com/special_features/cybersecurity_month">Cybersecurity Month</a> <a href="https://www.theregister.com/special_features/vmware_explore">VMware Explore</a> <a href="https://www.theregister.com/special_features/blackhat_and_defcon">Blackhat and DEF CON</a> <a href="https://www.theregister.com/special_features/cloud_infrastructure_month">Cloud Infrastructure Month</a> <a href="https://www.theregister.com/special_features/malware_month">Malware Month</a> <a href="https://www.theregister.com/special_features/the_reg_in_space">The Reg in Space</a> <a href="https://www.theregister.com/special_features/spotlight_on_rsa">Spotlight on RSA</a> </div> </div> </nav> </div> <div class="nav_bottom_section nav_elem nav_vendor_voice"> <div class="nav_head_bk"> <h2 class="main_head"> <span class="topnav_elem desk_only">Vendor Voice</span> </h2> </div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_vonage/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_vonage"> Vonage </a> <a href="https://www.theregister.com/VendorVoice/aws_amdocs/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_amdocs"> Amdocs </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws"> Siemens and AWS Gen AI </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws_itot/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws_itot"> Siemens and AWS IT/OT </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_solutions/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_solutions"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/ddn/" class="subnav_elem" id="nav-tag-vendor-voice-vv_ddn"> DDN </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> Google Gemini </a> <a href="https://www.theregister.com/VendorVoice/hpe_greenlake/" class="subnav_elem" id="nav-tag-vendor-voice-vv_hpe_greenlake"> Hewlett Packard Enterprise: Edge-to-Cloud Platform </a> <a href="https://www.theregister.com/VendorVoice/intelvpro/" class="subnav_elem" id="nav-tag-vendor-voice-vv_intelvpro"> Intel vPro </a> <a href="https://www.theregister.com/VendorVoice/vmware/" class="subnav_elem" id="nav-tag-vendor-voice-vv_vmware"> VMware </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars & Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",fluid,superleaderboard,billboard,leaderboard," data-xxlg=",fluid,superleaderboard,billboard,brandwidth,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/security/research/" aria-label="Research">Research</a> </h4> </div> <div class="comments_wrap mobile_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 5 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/14/salt_typhoon_hacked_multiple_telecom/"> <strong aria-hidden="true">5</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h1>Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 5 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/14/salt_typhoon_hacked_multiple_telecom/"> <strong aria-hidden="true">5</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h2>Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg" alt="icon"> <a class="byline" href="/Author/Jessica-Lyons" title="Read more by this author"> Jessica Lyons </a> </div> <div class="dateline_wrap"> <span class="dateline"> Thu 14 Nov 2024 <span class="slashes"> // </span> 01:54 UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div class="floating_bar"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_2"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&summary=Feds%20don%27t%20name%20Salt%20Typhoon%2c%20but%20describe%20Beijing%20band%27s%20alleged%20deeds" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> <div class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p><span class="label">Updated</span> The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.</p> <p>In a <a target="_blank" rel="nofollow" href="https://www.fbi.gov/news/press-releases/joint-statement-from-fbi-and-cisa-on-the-peoples-republic-of-china-targeting-of-commercial-telecommunications-infrastructure">joint statement</a> issued on Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the two government bodies said the previously-reported digital assaults resulted in the "theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders."</p> <p>This is a step up from the two agencies' late October <a target="_blank" href="https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/">revelation</a> that they were on the case and actively providing assistance to affected companies and potential victims. It comes over a month after <a target="_blank" href="https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/">reports</a> emerged that indicated a Chinese government-backed spy crew had breached US telecommunications networks <a target="_blank" href="https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/">Verizon, AT&T, and Lumen Technologies</a>.</p> <ul class="listinks"> <li><a href="https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/">Feds investigate China's Salt Typhoon amid campaign phone hacks</a></li> <li><a href="https://www.theregister.com/2024/10/11/us_lawmakers_salt_typhoon/">US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants</a></li> <li><a href="https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/">Chinese cyberspies reportedly breached Verizon, AT&T, Lumen</a></li> <li><a href="https://www.theregister.com/2024/11/13/china_volt_typhoon_back/">China's Volt Typhoon crew and its botnet surge back with a vengeance</a></li> </ul> <p>The Wednesday announcement gets very close to verifying almost everything that has been previously reported about the affair: That, after breaking into telcos' networks, the China-linked entities – which have sometimes been labelled "Salt Typhoon" – compromised the wiretapping systems used for court-ordered surveillance; and that the snoops also targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican president-elect Donald Trump and VP-elect JD Vance.</p> <p>In other words, here's some official acknowledgement of China drilling into American communications networks.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <p>The Feds "continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector," the statement continued, urging any org that suspects it might be a victim to contact its <a target="_blank" rel="nofollow" href="https://www.fbi.gov/contact-us/field-offices">local FBI field office</a> or CISA.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xmd=",fluid,mpu,leaderboard," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>Earlier this week, security researchers warned that a different Chinese government-backed spy crew – <a target="_blank" href="https://www.theregister.com/2024/11/13/china_volt_typhoon_back/">Volt Typhoon</a> – is once again compromising old Cisco routers to build a botnet to break into critical infrastructure networks and kick off cyber attacks. ®</p> <h3 class="crosshead">Updated to add on November 15</h3> <p>Reportedly, T-Mobile US and telecoms organizations outside of America, as well as inside, <a target="_blank" rel="nofollow" href="https://www.wsj.com/politics/national-security/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-4b2d7f92?st=NVmJKW&reflink=desktopwebshare_permalink">were also hit</a> by Salt Typhoon.</p> <div class="wptl btm"> <noscript><strong>Get our</strong> <a href="https://whitepapers.theregister.com/" style="text-transform:uppercase">Tech Resources</a></noscript> </div> </div> <div class="article_body_btm mobile_only"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_3"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&summary=Feds%20don%27t%20name%20Salt%20Typhoon%2c%20but%20describe%20Beijing%20band%27s%20alleged%20deeds" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="right_col desktop_only"> <div class="similar_topics"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/FBI/" > <span class="keyword_name"> FBI </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/China%20Mobile/" > <span class="keyword_name"> China Mobile </span> </a> </li> <li> <a href="/Tag/China%20telecom/" > <span class="keyword_name"> China telecom </span> </a> </li> <li> <a href="/Tag/China%20Unicom/" > <span class="keyword_name"> China Unicom </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Cyberspace%20Administration%20of%20China/" > <span class="keyword_name"> Cyberspace Administration of China </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Great%20Firewall/" > <span class="keyword_name"> Great Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Hong%20Kong/" > <span class="keyword_name"> Hong Kong </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/JD.com/" > <span class="keyword_name"> JD.com </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Semiconductor%20Manufacturing%20International%20Corporation/" > <span class="keyword_name"> Semiconductor Manufacturing International Corporation </span> </a> </li> <li> <a href="/Tag/Shenzhen/" > <span class="keyword_name"> Shenzhen </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Uyghur%20Muslims/" > <span class="keyword_name"> Uyghur Muslims </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/APAC/" > <span class="keyword_name"> APAC </span> </a> </li> <li> <a href="/Tag/Federal%20government%20of%20the%20United%20States/" > <span class="keyword_name"> Federal government of the United States </span> </a> </li> <li> <a href="/Tag/United%20States%20Department%20of%20Justice/" > <span class="keyword_name"> United States Department of Justice </span> </a> </li> </ul> </div> </div> </div> </div> </div> <div class="right_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> </div> </div> <div class="left_col main_content"> <div class="sharing_block"> <div class=article_body_btm> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_4"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Reminder%3a%20China-backed%20crews%20compromised%20%27multiple%27%20US%20telcos%20in%20%27significant%20cyber%20espionage%20campaign%27&summary=Feds%20don%27t%20name%20Salt%20Typhoon%2c%20but%20describe%20Beijing%20band%27s%20alleged%20deeds" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="centre_col main_content"> <div class="comments "> <a class="comment_count" aria-label="Read comments on this article, currently there are 5 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/14/salt_typhoon_hacked_multiple_telecom/"> <strong aria-hidden="true">5</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> COMMENTS </a> </div> </div> <div class="hidden_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/China/" > <span class="keyword_name"> China </span> </a> </li> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/FBI/" > <span class="keyword_name"> FBI </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/China%20Mobile/" > <span class="keyword_name"> China Mobile </span> </a> </li> <li> <a href="/Tag/China%20telecom/" > <span class="keyword_name"> China telecom </span> </a> </li> <li> <a href="/Tag/China%20Unicom/" > <span class="keyword_name"> China Unicom </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Cyberspace%20Administration%20of%20China/" > <span class="keyword_name"> Cyberspace Administration of China </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Great%20Firewall/" > <span class="keyword_name"> Great Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Hong%20Kong/" > <span class="keyword_name"> Hong Kong </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/JD.com/" > <span class="keyword_name"> JD.com </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Semiconductor%20Manufacturing%20International%20Corporation/" > <span class="keyword_name"> Semiconductor Manufacturing International Corporation </span> </a> </li> <li> <a href="/Tag/Shenzhen/" > <span class="keyword_name"> Shenzhen </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Uyghur%20Muslims/" > <span class="keyword_name"> Uyghur Muslims </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/APAC/" > <span class="keyword_name"> APAC </span> </a> </li> <li> <a href="/Tag/Federal%20government%20of%20the%20United%20States/" > <span class="keyword_name"> Federal government of the United States </span> </a> </li> <li> <a href="/Tag/United%20States%20Department%20of%20Justice/" > <span class="keyword_name"> United States Department of Justice </span> </a> </li> </ul> </div> </div> </div> </div> <div class="right_col main_content"> <div class="tip_off_widget"> <h4>TIP US OFF</h4> <p><a href="https://www.theregister.com/Profile/contact/" target="_blank">Send us news</a></p> </div> </div> </div> </div> </article> <hr id=story_section_break> <div id=story-bot-col> <h3 style="position:absolute;color:transparent;z-index:-1;">Other stories you might like</h3> <div id="aua" data-unit-type="aua" class="keepreading"> <div class=headlines> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/18/tmobile_us_attack_salt_typhoon/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears</h4> <div class=standfirst> <span class="label">updated</span> Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon</div> <div class=time_comments> <span class="section_name">Networks</span><span class="time_stamp" title="18 Nov 2024 20:43" data-epoch="1731962602">18 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/13/china_volt_typhoon_back/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China's Volt Typhoon crew and its botnet surge back with a vengeance</h4> <div class=standfirst>Ohm, for flux sake</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="13 Nov 2024 0:58" data-epoch="1731459490">13 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/11/20/musk_chinese_cyberspies/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator</h4> <div class=standfirst>Meet Liminal Panda, which prowls telecom networks in South Asia and Africa</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="20 Nov 2024 23:50" data-epoch="1732146614">20 Nov 2024</span> | <span class="comment light_bg_comments">13</span></div> </div> </a> </article> <article> <a href="/2024/10/01/aiassisted_malware_resistance_response_and/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>AI-assisted malware resistance, response and recovery</h4> <div class=standfirst>How visibility into the life of an IO all the way from the storage controller to the flash media aids cyber protection</div> <div class=time_comments><span class="section_name">Sponsored Feature</span></div> </div> </a> </article> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="hawk" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0MOmXKFsntpXb-3spyxQQAAAMM&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" alt=""> </a> </noscript> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/11/fraudulent_edr_emails/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>FBI issues warning as crooks ramp up emergency data request scams</h4> <div class=standfirst>Just because it's .gov doesn't mean that email is trustworthy</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="11 Nov 2024 16:23" data-epoch="1731342192">11 Nov 2024</span> | <span class="comment light_bg_comments">12</span></div> </div> </a> </article> <article> <a href="/2024/11/23/trump_noem_homeland_security/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain?</h4> <div class=standfirst> <span class="label">Analysis</span> Meanwhile, CISA chief Jen Easterly will step down prior to inauguration</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="23 Nov 2024 17:39" data-epoch="1732383555">23 Nov 2024</span> | <span class="comment light_bg_comments">12</span></div> </div> </a> </article> <article> <a href="/2024/11/19/china_brazenbamboo_fortinet_0day/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer</h4> <div class=standfirst>No word on when or if the issue will be fixed</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="19 Nov 2024 23:2" data-epoch="1732057333">19 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/17/passkeys_passwords/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Will passkeys ever replace passwords? Can they?</h4> <div class=standfirst> <span class="label">Systems Approach</span> Here's why they really should</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="17 Nov 2024 18:30" data-epoch="1731868207">17 Nov 2024</span> | <span class="comment light_bg_comments">116</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/21/scattered_spider_suspects/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Five Scattered Spider suspects indicted for phishing spree and crypto heists</h4> <div class=standfirst>DoJ also shutters allleged crimeware and credit card mart PopeyeTools</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="21 Nov 2024 1:29" data-epoch="1732152553">21 Nov 2024</span> | <span class="comment light_bg_comments">3</span></div> </div> </a> </article> <article> <a href="/2024/11/22/cisa_red_team_exercise/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Here's what happens if you don't layer network security – or remove unused web shells</h4> <div class=standfirst>TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="22 Nov 2024 1:13" data-epoch="1732237988">22 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/20/equinox_patients_employees_data/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Healthcare org Equinox notifies 21K patients and staff of data theft</h4> <div class=standfirst>Ransomware scum LockBit claims it did the dirty deed</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="20 Nov 2024 0:30" data-epoch="1732062607">20 Nov 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> <article> <a href="/2024/11/15/palo_alto_networks_firewall_zeroday/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit</h4> <div class=standfirst>Yank access to management interface, stat</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="15 Nov 2024 21:7" data-epoch="1731704823">15 Nov 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> </div> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="owl" data-xsm=",fluid,mpu,dmpu," data-sm=",fluid,mpu,dmpu," data-md=",fluid,mpu,dmpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"></div> </div> </div><div id=footer> <div class="footer_slogan"> <div class="footer_wrapper"> <p>The Register <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png" alt="icon"> Biting the hand that feeds IT</p> </div> </div> <div class="footer_wrapper"> <div class=foot_wrapper> <div class="left_block"> <div class="foot_list"> <h4>About Us<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/contact/">Contact us</a></li> <li><a target=_blank rel=noopener href="https://www.theregister.com/AdvertiseWithUs/">Advertise with us</a></li> <li><a href="https://www.theregister.com/Profile/about_the_register/">Who we are</a></li> </ul> </div> <div class="foot_list more_us"> <h4>Our Websites<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.nextplatform.com/">The Next Platform</a></li> <li><a href="https://devclass.com/">DevClass</a></li> <li><a href="https://blocksandfiles.com/">Blocks and Files</a></li> </ul> </div> <div class="foot_list privacy"> <h4>Your Privacy<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/cookies/">Cookies Policy</a></li> <li><a href="https://www.theregister.com/Profile/privacy/">Privacy Policy</a></li> <li><a href="https://www.theregister.com/Profile/terms_and_conditions_of_use/">Ts & Cs</a></li> </ul> </div> </div> <div class="right_block"> <div class="foot_list"> <a href="https://situationpublishing.com/" id="sitpub_logo"> <img loading="lazy" width="250" alt="Situation Publishing" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png"> </a> <p> Copyright. All rights reserved © 1998–2024 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_security/research','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(139) }); </script> </div> </div> </body> </html>

CINXE.COM

China-backed groups infiltrated 'multiple' telcos, FBI warns • The Register