Threat Awareness – New Details on Salt Typhoon’s Breach of ISPs in the U.S. and Abroad

The scope of the Salt Typhoon Campaign is continues to increase as senior White House officials revealed last week that telecommunications companies in dozens of countries have been breached by Salt Typhoon, eight of which are major internet service providers (ISPs) located in the U.S.

This new information follows a string of incidents over the past few months where Salt Typhoon actors linked to the Chinese Government breached a handful of U.S. internet service providers (ISPs) including Verizon, AT&T, and Lumen Technologies. Investigators have previously noted that these attackers have compromised America’s broadband networks and appear to have access deep into the routing functions of major ISPs, giving them the ability to manipulate network routing.

Given the scope of the breach and the propensity for PRC-affiliated actors to target the water sector, WaterISAC highly recommends utilities continue to follow sector-specific guidance and remain alert to the ongoing situation. For more information, visit The Record.

Water Sector Cybersecurity Resources

• Cybersecurity Fundamentals for Water and Wastewater Utilities | WaterISAC
• EPA Guidance on Improving Cybersecurity at Drinking Water and Wastewater Systems | EPA
• Water Cybersecurity Assessment Tool and Risk Mitigation Template | EPA

Additional WaterISAC Resources

• U.S. Government and International Partners Publish Guide to Protect Communications Infrastructure Against Chinese Threat Actor
• House Committee Releases Cyber Threat Snapshot – Cites Water Sector Incidents and Rising Nation-State Threats
• Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications