Earlier this month, word broke that the hacking group, dubbed Salt Typhoon, likely had access for months to systems that Internet services providers (ISPs) use to comply with court-authorized wiretapping requests. The systems let the ISPs share user data with law enforcement and intelligence agencies that intend to use this surveillance for crime solving or national security-related investigations. Hacks on these systems may have compromised highly sensitive information.
The hackers also may have spied on more general Internet traffic from people and companies.
Salt Typhoon came into the spotlight again recently with new reports alleging the hackers tried to access phone communications of political figures and Democratic and Republican campaigns for president. Those targets include Donald Trump, JD Vance and a Trump adviser, as well as staff from Kamala Harris' campaign and the office of Senate Majority Leader Chuck Schumer. In some cases, hackers captured audio communications and unencrypted messages.
Before news broke of the Cyber Safety Review Board’s new choice of investigation, many had expected it would instead examine the CrowdStrike glitch that caused global Windows machine crashes or the 2020 SolarWinds hack. The board has previously examined the Log4j vulnerability, Lapsus$ cyber-crime group and the 2023 breach of Microsoft Exchange by Chinese government-affiliated threat actors.
