Nation-state threat actors supported by Beijing infiltrated a small number of U.S. internet service providers (ISPs) as part of a cyber surveillance campaign designed to extract confidential information, The Wall Street Journal revealed on Wednesday.
The incursion has been linked to a threat actor identified by Microsoft as Salt Typhoon, also recognized as FamousSparrow and GhostEmperor.
“There’s an ongoing inquiry into whether the infiltrators managed to access Cisco Systems routers, which are pivotal network components that direct a substantial portion of internet traffic,” sources familiar with the situation were quoted as saying by the publication.
The objective of the breaches is to establish a persistent presence within targeted networks, enabling the threat actors to collect sensitive data or launch a harmful cyber assault.
GhostEmperor came to the forefront in October 2021, following a disclosure by Russian cybersecurity firm Kaspersky about a protracted covert mission aimed at Southeast Asian entities with the deployment of a rootkit dubbed Demodex.
The targets of the operation encompassed prominent organizations in Malaysia, Thailand, Vietnam, and Indonesia, along with sporadic targets situated in Egypt, Ethiopia, and Afghanistan.
As recently as July 2024, Sygnia disclosed that an undisclosed client fell victim to the threat actor in 2023, which compromised one of its business associates’ networks.
“As part of the investigation, multiple servers, workstations, and users were identified as being compromised by a threat actor who utilized various tools to communicate with a series of [command-and-control] servers,” the company stated. “One of these tools was recognized as a variant of Demodex.”

This development follows shortly after the U.S. government disclosed the dismantling of a 260,000-device botnet named Raptor Train operated by a distinct Beijing-affiliated hacking syndicate known as Flax Typhoon.
It marks the most recent in a series of Chinese government-backed initiatives targeting telecommunications providers, ISPs, and other critical infrastructure sectors.