China-linked espionage actor Salt Typhoon is again in news but this time not for targeting larger telecommunication giants, instead its the smaller internet and hosting service providers in the Netherlands.
The Dutch intelligence service on Thursday said that the country “didn’t receive the same level of attention from the Salt Typhoon hackers as those in the U.S.,” but it “can now corroborate some of the findings of the U.S. investigation with independent intelligence.”
The Dutch MIVD and AIVD (General Intelligence and Security Service) said, “The Chinese hacker group had access to routers belonging to the Dutch targets. As far as we know, the hackers did not penetrate any further into their internal networks.”
No information on the number of routers accessed or which sectors were targeted was provided but the authorities said, “(It)did observe targets in the Netherlands. These were not large telecommunications providers, but smaller internet service and hosting providers.“
The MIVD and the AIVD have been warning for some time about the growing Chinese cyber threat,” the authorities said. “These activities have become so sophisticated that continuous effort and attention are required to promptly detect and mitigate cyber operations against Dutch interests. This can reduce risks, but not eliminate them entirely. This poses a major challenge to Dutch resilience.”
The MIVD, AIVD, and the National Cyber Security Centre (NCSC) have previously shared threat intelligence with targets and other relevant audiences, whenever possible.
Salt Typhoon Campaign’s Roots
This announcement cam on the heels of a multi-nation joint advisory released a day before that warned of China-linked threat groups Salt Typhoon and GhostEmperor’s targeting of critical infrastructure networks around the world in a persistent campaign of cyber espionage.
Read: Chinese State Hackers Target Global Critical Infrastructure, NSA Warns
These operations have been traced to three China-based companies: Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd., which allegedly act as a front for the Chinese Ministry of State Security and the People’s Liberation Army.
Salt Typhoon’s wider operation net first came to light late last year when several U.S. Telecom companies reported hack and wiretap of key members of the Presidential elections.
In an official hearing, earlier this year, the chairman of the Senate Intelligence Committee said, evicting these intruders will require replacing “thousands and thousands and thousands” of network devices.
Read: China Attack on U.S. Telecom Networks: ‘Thousands and Thousands’ of Devices Need to Be Replaced
The Salt Typhoon tied breach of U.S. telecom networks lasted for more than a year in some cases, and while only 150 victims were notified at the time, the total could eventually number in the “millions,” experts had warned
Warner, a former telecom venture capitalist, called the breaches the “worst telecom hack” in the nation’s history – by far.
Source: Read More
