Chinese State-Sponsored Hackers Exploiting Network Edge Devices to Harvest Sensitive Data

Chinese state-sponsored cyber threat group Salt Typhoon has been targeting global telecommunications infrastructure since at least 2019, exploiting network edge devices to establish deep persistence and harvest vast quantities of sensitive data.

Aligned with the Ministry of State Security (MSS), Salt Typhoon focuses on long-term signals intelligence (SIGINT) collection, leveraging front companies and contractor ecosystems to obscure attribution while maintaining direct oversight from Beijing.

Salt Typhoon’s campaigns span multiple regions—including the United States, United Kingdom, Taiwan, and the European Union—and have compromised at least a dozen U.S. telecom providers, numerous state National Guard networks, and allied communications services.

Their attacks employ bespoke malware, living-off-the-land binaries (LOLBINs), and stealthy firmware implants on routers, VPN gateways, and firewalls to intercept VoIP configurations, lawful intercept logs, subscriber metadata, and call detail records.

Recent indictments and intelligence disclosures reveal that Salt Typhoon operates in conjunction with pseudo-private ...