
Daily Security Review

AT&T, Verizon, and Beyond: How Salt Typhoon Targets Global Telcos

24 Jun 2025

Description

In this episode, we dive deep into the alarming revelations about Salt Typhoon—a Chinese state-sponsored advanced persistent threat (APT) actor, also known as RedMike, Earth Estries, FamousSparrow, GhostEmperor, and UNC2286. Backed by China’s Ministry of State Security (MSS), this group has been running extensive cyber espionage operations since at least 2023, with a focus on telecommunication giants, government agencies, technology firms, and academic institutions around the world.

We’ll unpack how Salt Typhoon leveraged critical vulnerabilities, like CVE-2023-20198, and custom malware such as GhostSpider and Demodex, to gain deep, persistent access to telecom infrastructure in the U.S., Canada, and dozens of other nations. Despite being publicly exposed, sanctioned, and highly scrutinized, this APT remains entrenched in networks due to the fragmented, legacy-heavy state of telecom systems.

The discussion will cover:

✅ The strategic objectives of Salt Typhoon—ranging from intelligence collection on political figures to geolocation tracking around Washington, D.C.
✅ The scope of compromise, with intrusions affecting major telecoms like AT&T, Verizon, T-Mobile, and Canadian infrastructure—earning the label from Sen. Mark Warner as “the most serious telecom hack in our nation’s history.”
✅ The tactics and techniques that enable persistence—GRE tunnels, credential theft, lateral movement, and stealthy malware designed to evade detection across LTE/5G networks.
✅ The challenges of defense—why eradicating Salt Typhoon is nearly impossible in an industry described as a “Frankenstein’s monster” of outdated and incompatible technologies.
✅ What can be done—improving network visibility, hardening systems, fostering intelligence sharing, and why “secure by design” is more critical than ever.

Finally, we’ll examine what this ongoing cyber espionage campaign means for national security, individual privacy, and the future of global communications infrastructure—as the FBI calls for public help to fully map the scope of this unprecedented threat.
