The Chinese government now has a vast storehouse of confidential information belonging to key industries and individuals in the US, the UK and many other countries. According to an urgent joint cybersecurity advisory issued by the US National Security Agency (NSA) and other US and foreign organizations, threat actors sponsored by the Chinese government, notably Salt Typhoon, have been consistently targeting telecommunications, government, transportation, lodging, and military infrastructure networks globally.
But there is also growing evidence that Salt Typhoon, also known as OPERATOR PANDA, RedMike, UNC5807 and GhostEmperor, has gathered information on millions of individuals working in sectors other than those directly targeted by the Chinese state. The FBI is reported to have revealed that there is a strong likelihood that Salt Typhoon has already garnered information from nearly every American, as well as from millions of people in other countries.
Salt Typhoon’s hoard of information on key individuals in sectors other than those directly involved in defense or providing critical infrastructure means that no organization is safe from subsequent cyber-attacks conducted by the Chinese state. These could take the form of straightforward financial fraud or industrial espionage. By using today’s sophisticated social engineering techniques, China now has the potential to conduct in-depth investigations on key individuals in the US and UK. This would, in many cases, enable China to blackmail those individuals into performing any number of clandestine tasks or revealing highly sensitive information.
China can now conduct espionage on an industrial scale
Salt Typhoon has a vast infrastructure in China and is capable of conducting this form of espionage on an almost industrial scale. Its activities have also been linked to multiple China-based entities, including Sichuan Juxinhe Network Technology Co. Ltd, Beijing Huanyu Tianqiong Information Technology Co., Ltd, and Sichuan Zhixin Ruijie Network Technology Co., Ltd, which provide cyber products and services to China’s Ministry of State Security and People’s Liberation Army.
It is therefore essential that all companies, not just those working in defense, pay close attention to the NSA’s joint advisory and follow its recommendations to ensure that their organizations are not being constantly monitored by Salt Typhoon. Recommendations include direct threat hunting to discover which parts of the organization may already have been infiltrated.