- Wednesday, December 25, 2024

A version of this story appeared in the daily Threat Status newsletter from The Washington Times.

Hackers affiliated with China’s Ministry of State Security recently compromised eight telecommunications companies, extracting lawful wiretaps and critical intelligence data from some. Known as Salt Typhoon, this state-sponsored hacking group has left some affected companies struggling to secure their systems. Amid this challenge, key lessons from the attacks highlight examples of proactive and resilient cybersecurity practices that could guide the entire industry.

Operating since at least 2020, Salt Typhoon has targeted telecommunications providers, government agencies, political figures, internet service providers and consulting firms worldwide. The group’s tactics are sophisticated, involving prolonged infiltration, stealthy data exfiltration and the exploitation of lawful surveillance systems, making it particularly dangerous to national security. Once embedded, attackers are extremely difficult to remove, often remaining undetected for months or even years and extracting sensitive information without triggering alarms.

The Salt Typhoon attacks have revealed vulnerabilities across the telecommunications sector. Reports indicate that hackers infiltrated and potentially accessed sensitive data. According to The Wall Street Journal, U.S. wiretap systems were specifically targeted, posing a significant national security risk. The attacks highlight systemic vulnerabilities and the urgent need for more robust defenses.



Amid these challenges, T-Mobile’s chief security officer, Jeff Simon, has said that while looking for evidence of a Salt Typhoon attack, his team has since detected and thwarted an attack from an unknown actor in a matter of days. The team identified the point of entry as originating from a compromised wireline provider’s network connected to T-Mobile’s. According to Mr. Simon, the attack did not access “sensitive customer data” such as calls, texts or voicemails.

T-Mobile’s success is a consequence of several proactive strategies. For instance, their network was segmented, creating strategic layers to protect and contain potential intrusions. Passwordless, multifactor authentication systems were also in place, reducing the chance that a hacker could trick employees into revealing their credentials. And the company has prioritized modernizing its infrastructure to newer standards and enhanced encryption, which are more resilient to intrusion. These practices enabled them to detect repeated failed attempts to penetrate layered defenses.

The Salt Typhoon attacks highlight the urgent need for systemic change in how telecommunications providers approach cybersecurity. Government and industry leaders must be proactive and prioritize threat intelligence to improve defenses before incidents occur. This requires proactive threat intelligence sharing.

Encouraging an exchange between federal agencies and industry peers on actionable intelligence about emerging threats before incidents occur would help secure our country against state-sponsored hackers. Policymakers should establish programs that promote threat sharing and collaboration between the government and the private sector.

Telecom providers should also modernize aging infrastructure, creating adaptable infrastructure capable of implementing advanced security measures. Vulnerabilities in aging systems provide opportunities for exploitation. Modernizing against security threats requires integrating threat intelligence with proactive security measures and using artificial intelligence and emerging technologies.


Finally, transparency is critical to increasing resilience across the industry. Cybersecurity is not a zero-sum game; protecting one network strengthens the collective security of all. Any reluctance to disclose incidents undermines collective defense and leaves vulnerabilities unaddressed.

The Salt Typhoon incident is a sobering reminder of the risks posed by cyberespionage campaigns and advanced persistent threats. It also presents an opportunity to reshape the telecommunications industry’s approach to cybersecurity. By learning from its successes as well as failures, the industry can foster greater transparency, collaboration and resilience.

Federal policymakers are critical to driving this transformation. By mandating threat intelligence sharing, offering incentives for infrastructure modernization and encouraging cybersecurity practices grounded in transparency, they can work with the private sector to inform citizens and secure civilian systems against threats to national security. Only through collaboration, innovation and transparency can we protect the critical infrastructure that underpins national security, economic stability and public trust.

• Pamela K. Isom is the CEO and founder of IsAdvice & Consulting and a member of the American Security Project’s Consensus for American Security.

Copyright © 2025 The Washington Times, LLC.