- Security agencies issue a joint statement warning that Chinese technology companies may be indirectly collaborating with Salt Typhoon
- Salt Typhoon is a hacking group behind multiple high-profile attacks
- The group is believed to have serious links to the Chinese government
A new joint cybersecurity advisory from the National Security Agency (NSA) and other agencies such as CISA, the UK's NCSC, Canada's CSIS, Japan's NPA and many more warns of advanced persistent threat (APT) actors that are believed to be sponsored by the Chinese government.
According to the advisory, Chinese companies have been providing products and services to China's Ministry of State Security and the military, which in turn, it is alleged, are linked to hacking groups.
These threat actors target infrastructure such as telecommunications, government, military, transport and energy agencies, specifically in a global hacking campaign linked to the notorious Salt Typhoon group.
Component supply
“The data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the accommodation and transport sectors, can ultimately provide Chinese intelligence services with the ability to identify and track the communications and movements of their targets throughout the world,” warns the advisory.
Some of the companies named in the advisory, such as Sichuan Juxinhe Network Technology Co. LTD, have already been sanctioned for their ties with the group.
Other named companies include Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., LTD, all of which are believed to be linked.
The report also outlines specific threat-hunting guidance and mitigations against these groups, particularly patching devices quickly, monitoring for unauthorized activity and hardening device configurations.
At the beginning of 2025, Salt Typhoon was discovered to be carrying out a cyber-espionage campaign that breached multiple communications companies, with hackers remaining inside US company networks for months.
The group was observed abusing vulnerabilities in Microsoft Exchange servers, which allowed them to breach networks and exfiltrate data. A fix for this flaw has been available for years, but research suggests that almost 91% of the 30,000 affected instances remain unpatched, highlighting the importance of deploying effective patch management software.
China has always strongly denied ties with this group and with any other cyber groups.