China-Linked Hackers Target US Internet Providers in Latest Attack [CNET]

Hackers linked to the Chinese government have broken into a “handful” of US internet providers, The Wall Street Journal reports.

Investigators are referring to the hack as “Salt Typhoon.” It comes just a week after the FBI announced that it took down another attack backed by the Chinese government known as “Flax Typhoon,” which affected a network of 200,000 internet-connected cameras, routers and other devices.

In the Salt Typhoon attack, hackers burrowed into broadband networks in an effort to access sensitive data stored by internet service providers. While previous hacks had been geared toward crippling infrastructure, people familiar with the matter told the WSJ that this appears to be designed for intelligence collection. 

“The Chinese government is going to continue to target your organizations and our critical infrastructure either by their own hand or concealed through their proxies,” said FBI Director Christopher Wray at the Aspen Cyber Summit in Washington just a week before the Salt Typhoon attack. 

This type of Chinese hacking operation has long been a regular occurrence, but the “skill and sophistication” has accelerated in recent years, intelligence officials told the Journal.

“The cyber threat posed by the Chinese government is massive,” Wray said earlier this year. “China’s hacking program is larger than that of every other major nation, combined.”

China has consistently denied any involvement with these attacks. Liu Pengyu, a spokesman for the Chinese embassy in Washington, accused US intelligence agencies of “secretly collaborating to piece together false evidence” linking the Chinese government to the groups behind the Salt Typhoon hack. 

Which internet providers were affected?

The WSJ report stated that investigators were focusing on Cisco Systems routers, which are network components that direct internet traffic. A spokesman for Cisco told the WSJ that “there is no indication that Cisco routers are involved.” Microsoft is also reportedly investigating the attack. 

Researchers with Lumen, the company that owns the internet service providers CenturyLink and Quantum Fiber, wrote last month that they had located malware inside ISP routers that could reveal customers’ passwords. The report did not say which internet providers may have been affected.

How to protect yourself from data leaks

While there is little evidence that an attack like Salt Typhoon is after the personal information of individual customers, there are some basic steps you should take to protect your personal data. Here’s what CNET experts recommend:

  • Change your password regularly: When was the last time you changed your Wi-Fi router’s password? It’s a slightly annoying chore since you’ll have to reconnect all your devices, but it’s an excellent way to shore up your security in the wake of attacks that may have leaked login credentials. 
  • Sign up for identity theft protection: If you’re concerned about your identity being stolen, these services monitor your credit and banking activity for around $7 to $15 per month. 
  • Read your credit reports: You’re entitled to a free credit report each week from each of the three major credit bureaus. This will tell you basic information about your credit activity, including if any new accounts are being opened in your name.