What is Salt Typhoon, the Chinese spy group that targeted Donald Trump

New Delhi:

Chinese hackers have targeted the communication devices of US presidential candidates, including former President Donald Trump and his running mate, JD Vance. This sophisticated hacking attempt was reportedly orchestrated by a Chinese cyber espionage group known as “Salt Typhoon”. According to the New York Times, the group infiltrated telecommunications networks and may have accessed critical data from major service providers, including Verizon.

According to reports, Salt Typhoon’s targets in the US include not only the Trump campaign, but also Democratic contenders, including Vice President Kamala Harris and her running mate Tim Walz.

The attack on Verizon’s infrastructure is believed to be part of a larger Chinese intelligence-gathering campaign. While it remains uncertain whether the hackers were able to extract certain communications, US federal agencies are now working to uncover the nature and extent of any data breach. “We are aware that a highly sophisticated nation-state actor has targeted multiple US telecommunications providers to collect information,” Verizon spokesman Rich Young told AFP news agency.

Who is Salt Typhoon?

Salt Typhoon, the name coined by Microsoft’s cybersecurity team, is a state-sponsored Chinese hacker group. Microsoft labels Chinese hacker groups with the term “typhoon,” while using “sandstorm” for Iranians and “blizzard” for Russian cyber actors. The term “salt” in this context denotes the group’s specialized focus on counterintelligence rather than conventional cybercrime involving the theft of corporate data or financial fraud.

Salt Typhoon operations appear to be solely aimed at gathering intelligence on critical US assets and institutions, particularly during sensitive political seasons. In this case, Salt Typhoon targeted certain phone numbers linked to top political figures and their staff, as well as people with close government ties.

US officials are still in the early stages of assessing the full scope of the Salt Typhoon breach. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement acknowledging the seriousness of the threat, confirming that US government agencies are actively engaged in “investigating unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.” .”

In their statement, the FBI and CISA said ongoing efforts to collaborate with private sector companies are underway to strengthen cybersecurity defenses. “After the FBI identified specific malicious activity targeting the sector, the FBI and CISA immediately notified affected companies, provided technical assistance and quickly shared information to assist other potential victims,” ​​the agencies said.

A significant concern is that Salt Typhoon may have obtained critical metadata, which may be as revealing as the actual content in terms of information. For example, metadata related to call patterns, times, and frequencies can reveal information about relationships, strategic discussions, and even security vulnerabilities in communication channels. For Chinese intelligence services, this data could provide clues about the inner workings and key figures in US decision-making circles, particularly in the run-up to the 2024 election.