Summary
- Verizon says it has contained the ‘Salt Typhoon’ cyber threat and none of its customers experienced major data leaks.
- Salt Typhoon is linked to the Chinese government and is the largest hack in US history, affecting millions of phones but targeting government officials.
- The threat worked by exploiting unencrypted messages and phone calls on people’s smartphones.
Verizon confirmed it has contained a nation-state cyber threat after working with the FBI and private security firms. The attack, codenamed ‘Salt Typhoon,’ was linked to a Chinese source and targeted government officials.
Verizon has assured its customers that banking, financial, and social security data was not exposed. The threat actor accessed a small percentage of Verizon’s mobile internet and call records from a small group of individuals involved in government and political parties. A third party cybersecurity firm has independently verified the containment and there are no signs of ongoing activity associated with the incident.
Here’s what you need to know about Salt Typhoon
Salt Typhoon is an advanced persistent threat (APT) linked to Chinese state-backed hackers. It involves exploiting weaknesses in messages and phone calls to gain access to an organization’s systems, where it can deploy malware to quietly scoop up sensitive data. The group has so far targeted high-value individuals, such as politicians and government officials. The FBI says this is the largest hack in US history.
The threat first appeared in September 2024, although officials now believe it has been quietly going on since 2022. The FBI released a warning last month that RCS messages between Android and iPhones are highly vulnerable to the Salt Typhoon threat. Verizon, one of the largest telecommunications providers impacted by Salt Typhoon, partnered with federal agencies and private cybersecurity firms to contain the breach. The company says they have finally eradicated it.
“We have not detected threat actor activity in Verizon’s network for some time,” Verizon Chief Legal Officer Vandana Venkatesh stated in a press release. “The situation is contained.”
A wake-up call for US telecom security
The Salt Typhoon incident exposed the ongoing risks facing telecommunications providers and their users. Salt Typhoon was able to take advantage of the lack of end-to-end encryption on much of the US’s communication network. It also showed how collaboration between industry and government is key to mitigating these kinds of threats.
Better and more robust telecommunications security is needed. The average person can start by making sure they use an end-to-end encrypted messaging device, securing their devices with a VPN, and keeping their phones updated with the latest software.
Related
8 essential Android 15 security features you should set up immediately
Stay safe in a digital world: Android 15’s got your back
