The FBI has asked the public for information on the Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.
In October, the FBI and CISA confirmed that the Chinese state hackers had breached multiple telecom providers (including AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream) and many other telecom companies in dozens of countries.
As revealed at the time, while they had access to the U.S. telecoms’ networks, the attackers also accessed the U.S. law enforcement’s wiretapping platform and gained access to the “private communications” of a “limited number” of U.S. government officials.
On Thursday, the FBI issued a public service announcement seeking tips that could help identify and locate the Salt Typhoon hackers who targeted US telecommunications infrastructure.
“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale. This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests,” the FBI said.
“FBI maintains its commitment to protecting the US telecommunications sector and the individuals and organizations targeted by Salt Typhoon by identifying, mitigating, and disrupting Salt Typhoon’s malicious cyber activity. If you have any information about the individuals who comprise Salt Typhoon or other Salt Typhoon activity, we would particularly like to hear from you.”
In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom breaches.
The FBI also noted that the U.S. Department of State is offering a reward of up to $10 million through its Rewards for Justice (RFJ) program for information about government-linked foreign hackers tied to malicious cyber activities against U.S. critical infrastructure.
More Salt Typhoon telecom breaches
China’s Salt Typhoon cyber-espionage group (also tracked as Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286) has been breaching government entities and telecom companies since at least 2019.
In recent months, it was also revealed that this state-backed hacking group is still actively targeting telecoms. Between December 2024 and January 2025, it breached more telecommunications companies worldwide by exploiting privilege escalation and Web UI command injection vulnerabilities in unpatched Cisco IOS XE network devices.
These additional breaches include a U.S. internet service provider (ISP), a U.S.-based affiliate of a U.K. telecommunications provider, an Italian ISP, a South African telecom provider, and a large Thai telecommunications provider.
Cisco has also revealed that the Chinese hackers use a custom JumbledPath malicious tool to stealthily monitor network traffic and likely capture sensitive data from compromised U.S. telecommunication providers’ networks.
In response to these breaches, U.S. authorities are considering banning TP-Link routers if an ongoing investigation finds their use in cyberattacks poses a national security risk. They’re also reportedly planning to ban China Telecom’s last active operations in the United States.