$10 Million for Those Who Saw American Networks Leak Faster Than Umbrellas in a Typhoon
The FBI has announced a reward of up to $10 million for information about the hacker group Salt Typhoon, linked to the Chinese government. The agency hopes to obtain details about the group's members and their infiltration of several American telecommunications companies' networks last year. In addition to monetary rewards, the agency promises relocation assistance and other support for informants.
Salt Typhoon is one of many groups operating on behalf of the Chinese government. According to intelligence agencies and private security companies, this group has been involved in a series of espionage attacks aimed at gathering critical information that could be useful in potential future military conflicts. The FBI's investigation revealed that Salt Typhoon conducted a massive cyber campaign: the attackers used network access to launch attacks on victims worldwide. As a result, phone call logs, a limited amount of victims' personal communications, and some information under control of U.S. law enforcement agencies through legal court orders were stolen.
The group has been active since at least 2019 and is known by several other names — RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286. Over the years, Salt Typhoon has carried out numerous attacks on telecommunications companies across different countries, including the U.S. About a year ago, the group's activity intensified significantly. One of the most serious breaches was the hacking of Verizon, AT&T, and Lumen/CenturyLink networks, reported by The Wall Street Journal in October. According to the publication, the hackers collected internet traffic from networks serving companies and millions of American users.
As The Washington Post noted, during these attacks, Salt Typhoon may have gained access to lawful interception systems used by American law enforcement agencies based on court orders. Although there was no direct proof, sources indicated signs of such systems being compromised. The FBI's reward announcement effectively confirms these concerns.
In December, Biden administration officials reported that the group had hacked telecom companies in dozens of countries, including eight U.S. operators — twice as many as previously estimated. The attacks, they said, could have continued for one to two years, and there was no full confidence that the attackers had been completely removed from the networks.
Researchers from Insikt Group reported in February that Salt Typhoon’s campaign was still ongoing into the new year: the hackers targeted internet-facing Cisco networking devices used by telecom operators. They exploited vulnerabilities CVE-2023-20198 and CVE-2023-20273, for which patches had been released over a year earlier.
The FBI has created a special dark web site and opened a Signal number for receiving messages to make it easier for informants, even from within China’s heavily censored internet environment, to provide information.