Salt Typhoon Hackers Still Lurking in Telecom Networks Despite Government Crackdown

The U.S. government and its allies have issued a stark warning: Chinese government-linked hackers, identified as Salt Typhoon, remain deeply embedded in telecommunications networks despite ongoing efforts to evict them. This breach, which first came to light in the spring, has exposed vulnerabilities in critical infrastructure and continues to pose significant challenges for cybersecurity teams.
Salt Typhoon’s infiltration targeted high-profile individuals, including officials from both presidential campaigns, and even the phone of President-elect Donald Trump. Jeff Greene, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), highlighted the difficulty in fully removing these attackers. "It would be impossible for us to predict a time frame on when we’ll have full eviction," Greene said, underscoring the complexity of the breach.
The group’s tactics are far from uniform, making their removal particularly challenging. Each victim's compromise varies in scope and severity, with no single method of infiltration identified. This inconsistency requires a tailored approach to mitigation for each affected carrier. The guidance released by CISA, in collaboration with other Western cybersecurity agencies, is aimed at hardening defenses and limiting the hackers' access.
Agencies from the U.S., Australia, Canada, New Zealand, and the United Kingdom have joined forces to address this unprecedented campaign. Their recommendations focus on securing the global communications infrastructure. Despite some media speculation, the hackers did not solely target systems related to the Communications Assistance for Law Enforcement Act (CALEA). Instead, the group pursued multiple avenues to access sensitive information.
Officials remain tight-lipped about the full scale of the breach, as the investigation is still unfolding. However, the government has emphasized the importance of collaboration with telecom providers to illuminate the hackers’ activities and eliminate their footholds.
Looking ahead, questions remain about the potential need for long-term equipment replacement to secure the networks fully. For now, Greene and his team are focused on making it significantly harder for Salt Typhoon to persist in their espionage campaign.
The breach serves as a sobering reminder of the critical role telecommunications networks play in national security. As efforts to evict the hackers intensify, the global cybersecurity community is watching closely, knowing the stakes couldn’t be higher.