Chinese Salt Typhoon Hackers 1st Spotted on Federal Networks Under Another Name: Cybersecurity Chief

With the help of tipsters, the cybersecurity agency was able to ‘connect the dots’ to crack what has been called one of the worst telecom hacks in US history.
Venus Upadhayaya

Chinese state-backed cyber espionage group Salt Typhoon, which has been in the news for its breach of U.S. telecom firms, was first discovered on the federal network using a different name, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).

“We saw it as a separate campaign called another goofy cyber name. And we were able to—based on the visibility that we had within the federal networks—to be able to connect some dots,” she said during a discussion at the Foundation for Defense of Democracies on Jan. 15.

The Salt Typhoon intrusions allegedly exposed a huge swathe of Americans’ call logs to Chinese spies and rattled the U.S. intelligence community. In some cases, hackers are alleged to have intercepted conversations between prominent U.S. politicians and government officials. Some lawmakers have described the intrusions as the worst telecom hacks in U.S. history.

By December, U.S. authorities had discovered that nine American telecommunication companies had been breached by Salt Typhoon; however, the Chinese state-backed hacking group likely carried out its espionage campaign “one to two years” before being discovered, according to the CISA director.

The earlier identification under a different name enabled officials to connect the dots with the help of tipsters from the private sector, which Easterly said ultimately “led to kind of cracking open the larger Salt Typhoon piece.”

Later on Jan. 15, the CISA director said in a blog post that Beijing’s “sophisticated and well-resourced cyber program” is a threat to the American critical infrastructure.

The administration has eradicated some intrusions by Chinese actors, according to Easterly, but there is a need to further strengthen cyber defense and vigilance across the public and private sectors. In response, CISA has designed three “lines of effort” to address the persistent threats and decrease the risks to American citizens, she said.

The first step involves evicting Chinese cyber actors from victims’ networks.

The second involves a joint cyber defense collaborative between important information technology, communication, and cybersecurity industry partners.

The third step involves services such as CyberSentry, a CISA-managed threat detection capability that helps reduce the risks posed by Chinese cyber actors. It also involves attack surface management services, a type of cyber defense that helps identify and mitigate the technology defects that allow cyber threats to gain a foothold. According to Easterly, CISA has already provided the service to 7,000 critical service organizations.

‘Everything, Everywhere, All at Once’

The CISA director testified last year before the House Select Committee on the Chinese Communist Party. In her recent blog post, she highlighted the geopolitical context to increasing cyber espionage against the United States, especially by the Chinese regime.

“I underscored the very real possibility that a crisis in Asia, precipitated by an invasion of Taiwan or a blockade of the Taiwan Strait, could have very real consequences for the safety and security of American citizens here at home,” Easterly said.

Such an invasion, according to Easterly, could be followed by disruptive attacks targeting “everything, everywhere, all at once,” which could include transportation nodes, telecommunications services, power grids, and water facilities.

“And likely much more—all with the goal of inducing societal panic and deterring our ability to marshal military might and citizen will to expend American blood and treasure in defense of Taiwan,” she said.

Treasury Department Sanctions

On Jan. 17, the U.S. Treasury Department announced it was sanctioning Chinese cybersecurity company Sichuan Juxinhe Network Technology Co. for “direct involvement in the Salt Typhoon cyber group.”

“Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security,” the Treasury Department said.

The Treasury Department also sanctioned Shanghai-based hacker Yin Kecheng, who was allegedly behind a major breach of the department’s network in early December. The cyber actor is affiliated with China’s Ministry of State Security, the department said.
Reuters contributed to this report.