According to statements by the Cybersecurity and Infrastructure Security Agency (CISA), Salt Typhoon, the hacking group backed by the People’s Republic of China (PRC) that attacked telecommunications providers last month, is still infiltrating the providers, and it is “impossible for us to predict a time frame on when we’ll have full eviction.” One reason is that the hackers infiltrated the telecoms in different ways and “each victim is unique.”
In addition, the incident has not been fully mitigated and the number of victims is “evolving.”
As a result of the massive hacking incident, CISA, the Federal Bureau of Investigation, National Security Agency, and their partners in Australia, New Zealand, and Canada issued a bulletin on December 4, 2024, stating that the PRC-affiliated hackers “compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign.” The bulletin “highlight[s] the threat and provide[s] network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.”
The bulletin is a substantive and worthwhile read for anyone working to mitigate such attacks, and it “encourage[s] telecommunications and other critical infrastructure organizations to apply the best practices in this guide.”