A new cyberattack aimed at broadband service providers in the United States — called Salt Typhoon — was made public by an article in the Wall Street Journal today.
The Journal reports that the cyberattack, in which hackers attempt to gain critical data from broadband service providers, has been going on for months and has been linked to China by U.S. government investigators.
The reason for targeting of broadband providers, in particular, is to take control of those providers’ systems and, from there, access their data and possibly launch a separate cyberattack from within their networks.
According to the Journal’s reporting, major network providers like Cisco and Microsoft are investigating the Salt Typhoon cyberattack to see what aspects of broadband service providers’ networks may be affected.
The Journal notes that, according to one cybersecurity professional, “if hackers gained access to service providers’ core routers, it would leave them in a powerful position to steal information, redirect internet traffic, install malicious software or pivot to new attacks.”
In contrast to the Volt Typhoon cyberattacks earlier this year, which were intended to embed and launch further cyberattacks, the Salt Typhoon attack on service providers “appeared to be more geared toward intelligence collection.”
“The need for enhanced cybersecurity — regardless of the size of the organization — has been garnering more and more attention over the past few years. We see the need every day as we provide cybersecurity support to our members in the broadband industry,” said Jon Bartleson, President of NRTC Managed Services.
“BEAD and E-ACAM programs both have stringent requirements for solid cybersecurity practices. Now it’s clear that well-funded and state-backed bad actors are specifically targeting the industry.”