Salt Typhoon

From Wikipedia, the free encyclopedia
Advanced persistent threat operated by the Chinese government
Salt Typhoon
Formation: 2020
Type: Advanced persistent threat
Purpose: Cyber espionage, counterintelligence, data exfiltration
Location
Affiliations: Ministry of State Security

Salt Typhoon is an advanced persistent threat actor believed to be operated by China's Ministry of State Security (MSS) which has conducted high-profile cyber espionage campaigns, particularly against the United States. The group's operations place an emphasis on counterintelligence targets in the United States and data theft of key corporate intellectual property. The group has infiltrated targets in dozens of other countries on nearly every continent.[1] Former NSA analyst Terry Dunlap has described the group as a "component of China's 100-Year Strategy."[2]

Organization and attribution


Salt Typhoon is widely understood to be operated by China's Ministry of State Security (MSS), its foreign intelligence service and secret police.[3][4] The Chinese embassy denied all allegations, calling them "unfounded and irresponsible smears and slanders".[5]

According to Trend Micro, the group is a "well-organized group with a clear division of labor" whereby attacks targeting different regions and industries are launched by distinct actors, suggesting the group consists of various teams, "further highlighting the complexity of the group's operations."[6][7]

2024 breach of U.S. Internet service provider networks

Main article: 2024 U.S. telecommunications hack

In late 2024, U.S. officials announced that hackers affiliated with Salt Typhoon had accessed the computer systems of nine U.S. telecommunications companies, later acknowledged to include Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, and Windstream.[8][9][10] The attack targeted U.S. broadband networks, particularly core network components, including routers manufactured by Cisco, which route large portions of the Internet.[3][4] In October 2024, U.S. officials revealed that the group had compromised internet service provider (ISP) systems used to fulfill CALEA requests used by U.S. law enforcement and intelligence agencies to conduct court-authorized wiretapping.[9]

The hackers were able to access metadata of users' calls and text messages, including date and time stamps, source and destination IP addresses, and phone numbers from over a million users, most of whom were located in the Washington D.C. metro area. In some cases, the hackers were able to obtain audio recordings of telephone calls made by high-profile individuals.[11] Such individuals reportedly included staff of the Kamala Harris 2024 presidential campaign, as well as phones belonging to Donald Trump and JD Vance.[12] According to deputy national security advisor Anne Neuberger, a "large number" of the individuals whose data was directly accessed were "government targets of interest."[11]

In September 2024, reports first emerged that a severe cyberattack had compromised U.S. telecommunications systems. US officials stated that the campaign was likely underway for one to two years prior to its discovery, with several dozen countries compromised in the hack, including those in Europe and the Indo-Pacific.[13] The campaign was reportedly "intended as a Chinese espionage program focused on key government officials [and] key corporate [intellectual property]."[3][14]

In March 2025, the United States House Committee on Homeland Security requested that the Department of Homeland Security turn over documents on the federal government's response to the hacking.[15]

Methodology


Salt Typhoon reportedly employs a Windows kernel-mode rootkit, Demodex (name given by Kaspersky Lab[16]), to gain remote control[17] over their targeted servers.[18] They demonstrate a high level of sophistication and use anti-forensic and anti-analysis techniques to evade detection.[18]

Targets


According to The New York Times, Salt Typhoon is unique in focusing primarily on counterintelligence targets.[19] In addition to U.S. Internet service providers, the Slovak cybersecurity firm ESET says Salt Typhoon has previously broken into hotels and government agencies worldwide.[20][21]

Tools used


[22]

Name


Salt Typhoon is the name assigned by Microsoft and is the one most widely used to describe the group.[20] The group has also variously been called:


References

  1. Swan, David (2024-12-05). "The Chinese hack that has Australia on high alert". The Sydney Morning Herald. Retrieved 2024-12-05.
  2. Lyons, Jessica (2024-09-25). "China's Salt Typhoon cyber spies are deep inside US ISPs". The Register. Archived from the original on 2024-10-08. Retrieved 2024-10-08.
  3. Krouse, Sarah; McMillan, Robert; Volz, Dustin (2024-09-26). "China-Linked Hackers Breach U.S. Internet Providers in New 'Salt Typhoon' Cyberattack". The Wall Street Journal. Archived from the original on 7 Oct 2024.
  4. Nakashima, Ellen (6 October 2024). "China hacked major U.S. telecom firms in apparent counterspy operation". The Washington Post. Archived from the original on 7 October 2024. Retrieved 8 October 2024.
  5. "Chinese Embassy rejects US accusations of 'Salt Typhoon' hacking operation". RNZ. 2024-12-08. Retrieved 2025-01-30.
  6. Greig, Jonathan (2024-11-25). "China's Salt Typhoon hackers target telecom firms in Southeast Asia with new malware". Recorded Future. Archived from the original on 2024-11-28. Retrieved 2024-12-31.
  7. "Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions". Trend Micro. 2024-11-25. Retrieved 2025-02-04.
  8. Ahmed, Deborah (2025-01-07). "US Telecom Breaches Widen as 9 Firms Hit by Chinese Salt Typhoon Hackers". Hackread. Retrieved 2025-01-08.
  9. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (2024-10-05). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on 5 Oct 2024.
  10. Krouse, Sarah; Volz, Dustin (November 15, 2024). "T-Mobile Hacked in Massive Chinese Breach of Telecom Networks". The Wall Street Journal. Retrieved November 15, 2024.
  11. Page, Carly (2025-01-06). "Meet the Chinese 'Typhoon' hackers preparing for war". TechCrunch. Retrieved 2025-01-08.
  12. Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Archived from the original on November 10, 2024. Retrieved October 25, 2024.
  13. Volz, Dustin (December 4, 2024). "Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. Official Says". The Wall Street Journal. Archived from the original on December 4, 2024. Retrieved December 5, 2024.
  14. Tucker, Eric (2024-12-27). "A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says". Associated Press. Retrieved 2024-12-27.
  15. "US House committee seeks record on Chinese telecom hacking". Reuters. March 17, 2025. Retrieved March 17, 2025.
  16. "GhostEmperor: From ProxyLogon to kernel mode". securelist.com. 30 September 2021. Archived from the original on 1 October 2024. Retrieved 8 October 2024.
  17. "GhostEmperor returns with updated Demodex rootkit" (PDF). www.imda.gov.sg - Infocomm Media Development Authority. Retrieved 8 October 2024.
  18. "Malpedia: GhostEmperor". Fraunhofer Society. Archived from the original on 2024-10-08. Retrieved 2024-10-08.
  19. Barrett, Devlin (2024-10-26). "What to Know About the Chinese Hackers Who Targeted the 2024 Campaigns". Archived from the original on 2024-12-21. Retrieved 2024-12-31.
  20. Kovacs, Eduard (2024-10-07). "China's Salt Typhoon Hacked AT&T, Verizon: Report". Security Week.
  21. "ESET Research discovers FamousSparrow APT group spying on hotels, governments and private companies". ESET. ESET Newsroom, WeLiveSecurity. Archived from the original on 28 November 2024. Retrieved 6 December 2024.
  22. "Salt Typhoon". FortiGuard. 2024-12-20.
  23. "AT&T, Verizon reportedly hacked to target US govt wiretapping platform". BleepingComputer. Archived from the original on 7 October 2024. Retrieved 8 October 2024.



Retrieved from "https://en.wikipedia.org/w/index.php?title=Salt_Typhoon&oldid=1281035576"