The extent of the Salt Typhoon campaign targeting telecommunications continues to unfold as additional communications companies have allegedly been breached. Charter Communications, Consolidated Communications, and Windstream have all reportedly been breached by the Chinese attackers. Anne Neuberger, White House deputy national security adviser for cyber and emerging technologies, said that nine U.S. telecoms have been targeted and breached by Chinese attackers so far. Whether the above three are included as part of that list remains unclear.
WaterISAC is warning the sector at large that, while Chinese-affiliated attackers have prepositioned themselves throughout U.S. telecommunications, utilities are on the front lines of this attack. Back in January last year, the FBI drew attention to the large Chinese botnet operated by Volt Typhoon and used to conceal the group's infiltration of U.S. critical infrastructure. At that time, FBI Director Wray said, “There has been far too little public focus on the fact that PRC (People’s Republic of China) hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems.” The FBI effectively disrupted the botnet shortly after this. However, it has since resurfaced, likely before August last year.
Given the scope of the more recent Salt Typhoon breaches and the propensity for PRC-affiliated actors to target the water sector, WaterISAC highly recommends utilities continue to follow sector-specific guidance and remain alert to the ongoing situation. For more information, visit Dark Reading or The Register.
Water Sector Cybersecurity Resources
- U.S. Government and International Partners Publish Guide to Protect Communications Infrastructure Against Chinese Threat Actor
- Cybersecurity Fundamentals for Water and Wastewater Utilities
- EPA Guidance on Improving Cybersecurity at Drinking Water and Wastewater Systems
- Water Cybersecurity Assessment Tool and Risk Mitigation Template
Additional WaterISAC Sharing on Volt Typhoon and Salt Typhoon
- House Committee Releases Cyber Threat Snapshot - Cites Water Sector Incidents and Rising Nation-State Threats
- Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications
- Threat Awareness – New Details on Salt Typhoon’s Breach of ISPs in the U.S. and Abroad
- Threat Awareness – CISA and FBI Release Joint Statement as Volt Typhoon’s Botnet Resurfaces
- Threat Awareness - Censys Reports Hundreds of Versa Director Servers May be Exposed to Volt Typhoon Exploitation
- Threat Awareness – PRC's Volt Typhoon Observed Exploiting Zero-Day in SD-WAN Provider