{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Salt Typhoon Strikes Again: National Guard, Telecoms, and a Crisis in U.S. Cyber Defense","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/0d401070\"></iframe>","width":"100%","height":180,"duration":1318,"description":"Salt Typhoon, a sophisticated Chinese state-sponsored cyber threat actor, is conducting one of the most aggressive and sustained espionage campaigns ever uncovered against U.S. critical infrastructure. This episode explores how the group—linked to China's Ministry of State Security—compromised a U.S. state’s Army National Guard, infiltrated telecom giants like AT&T, Verizon, and T-Mobile, and exfiltrated massive volumes of configuration files, call metadata, and wiretap logs.Operating with alarming stealth, Salt Typhoon leveraged zero-day vulnerabilities in network devices, misconfigured infrastructure, and high-privilege accounts lacking MFA. Their goal? Strategic intelligence and counterintelligence dominance—mapping the communications lifelines of U.S. government, military, and private sector entities.We explore:How Salt Typhoon infiltrated over 100,000 routers, including core components of global telecommunications infrastructureThe breach of the National Guard network, including admin credentials and communications with fusion centers across multiple statesExploited vulnerabilities (e.g., CVE-2023-20198, CVE-2023-20273) and GRE tunneling used to maintain persistent accessThe group’s broader footprint, including targets in Canada, universities worldwide, and access to U.S. court-authorized wiretap systemsThe tools and tactics of RedMike (aka Salt Typhoon), from living-off-the-land attacks to custom malware and encrypted exfiltrationWhy this is being called the worst telecom hack in U.S. history—and what it means for national securityAs U.S. officials roll out sanctions, international advisories, and enhanced telecom defenses, Salt Typhoon continues to adapt—illustrating the limitations of reactive security postures in an age of advanced persistent threats. The question is no longer if a breach will happen, but how long it takes to detect and contain it.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}