Full Report
The US authorities have asked the public to help them unmask China’s Salt Typhoon threat actors
Analysis Summary
# Threat Actor: Salt Typhoon
## Attribution & Identity
* **Attribution:** Believed to be the work of China's Ministry of State Security (MSS).
* **Known Aliases:** FamousSparrow, GhostEmperor, Earth Estries, UNC2286.
* **Historical Activities:** Active since at least 2020.
## Activity Summary
The group was responsible for a major intelligence-gathering operation revealed in November of the previous year (inferred to be 2024 from the article's date context). The operation compromised US telecommunications companies at significant scale, with victims worldwide. Its primary outcome was the theft of call data logs and the copying of selected information that was subject to court-ordered US law enforcement requests. In particular, the compromise of telecommunications networks potentially exposed the personal communications of staff from Donald Trump’s and Kamala Harris’s 2024 presidential campaigns.
## Tactics, Techniques & Procedures
The article focuses on the outcome (theft of data and copying information) rather than listing specific TTPs, but the overall activity points towards:
* **Intelligence Gathering:** Large-scale compromise of telecommunications networks to reach victims worldwide.
* **Data Exfiltration:** Theft of call data logs and private communications.
* **Access Persistence:** Maintaining access to victim networks to sustain a broad, long-running campaign.
## Targeting
* **Sectors:** Telecommunications companies (US focus).
* **Geography:** Global-scale targeting; the activity described in the article was observed against US infrastructure.
* **Victims:** US telecommunications companies; potentially including staff/officials associated with Donald Trump’s 2024 presidential campaign and Kamala Harris’s 2024 presidential campaign.
## Tools & Infrastructure
The article does not explicitly list malware families or specific C2 infrastructure details.
## Implications
Salt Typhoon represents a significant, sustained intelligence gathering threat orchestrated by the MSS, capable of penetrating critical infrastructure (telecommunications) to access sensitive communications data, including information potentially related to high-profile political figures. The FBI's public appeal suggests ongoing difficulty in fully unmasking or disrupting the group's operations.
## Mitigations
The FBI is actively appealing to the public for information to help unmask the actors. Organizations, especially in the telecommunications sector, should review security posture against suspected MSS/Chinese APT activity, focusing on securing sensitive communication data.