- A few months ago, Chinese state-sponsored actors were observed on IT networks of ISPs, telcos, and more
- Since then, the companies worked hard on cleaning up their infrastructure
- Salt Typhoon still lurks, CISA warns, as it shares guidelines for defending against it
The US Cybersecurity and Infrastructure Security Agency (CISA) believes Salt Typhoon, the Chinese state-sponsored threat actor that was spotted in telecommunications giants’ networks months ago, is still lurking and hasn’t been completely eradicated. To help organizations tackle this important threat, the agency released in-depth guidance earlier this week.
Salt Typhoon is a known hacking collective on the payroll of the Chinese government. It is mostly engaged in cyber-espionage, targeting important entities and figures in the West with infostealers and similar malware.
It is part of a wider campaign that includes a number of other “typhoons” (Flax Typhoon, Volt Typhoon, and Brass Typhoon) and that seeks not just to steal information, but also to disrupt critical infrastructure.
Strengthening the network
For months now, cybersecurity experts, government agents, and the media have been reporting on Salt Typhoon’s attacks on internet service providers, telecommunications firms, and similar companies. The targets have been working hard on cleaning up their IT systems, but according to CISA, there’s still work to be done.
That being said, the agency first suggests telecoms strengthen their network visibility and focus on monitoring, detecting, and understanding network activity. Then, the report discusses hardening systems and devices through protocols and management processes, device hardening, and access controls. Finally, it tackles incident reporting and provides detailed contact information for reporting cybersecurity incidents in the U.S., Australia, Canada, and New Zealand.
Software manufacturers should embed security principles during development, CISA concluded, advocating for secure-by-design configurations, which should reduce reliance on customer hardening.
“Software manufacturers should prioritize secure by design configurations to eliminate the need for customer implementation of hardening guidelines,” it said. “Additionally, customers should demand that the software they purchase is secure by design.”
For any organization fearing being targeted by Salt Typhoon (or any other Typhoon, for that matter), CISA’s guidance is a must-read.