- Security agencies issue a joint declaration warning from Chinese technology companies can collaborate indirectly with Salt Typhoon
- Salt Typhoon is a hacking group behind several high -level attacks
- It is believed that the group has serious links with the Chinese government
A new joint cybersecurity opinion from the National Safety Agency (NSA) and other agencies such as the CISA, the British NCSC, the CSI of Canada, the Japanese NPA and many others seem to exhibit advanced persistent threats (APT) which would be sponsored by the Chinese government.
According to the lawyer, Chinese companies have provided products and services to the Ministry of Security of States and the Military – who, in turn, it is said, supports hacking groups.
These threat actors target infrastructure such as telecommunications, government, soldiers, transport and energy agencies – in particular in a world hacking campaign linked to the famous Salphon of Salt.
Supply of components
“The data stole this activity against foreign telecommunications and Internet service providers (ISP), as well as intrusions in the accommodation and transport sectors, can ultimately provide Chinese intelligence services with the ability to identify and follow the communications and movements of their targets in the world”, advisory warnings.
Some of the companies appointed to the Council, such as Sichuan Juxinhe Network Technology Co. Ltd, have already been sanctioned for their links with the group.
The other named companies include Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., which are considered to be linked.
The report also describes specific threat hunting advice and attenuations against these groups, in particular in rapid correction devices, monitoring of unauthorized activity and tightening the configuration of devices.
Earlier in 2025, Salt Typhoon was discovered to carry out a cyber-espionage campaign which violated several communication companies, pirates who lingered inside American business networks for months.
The group was observed abusing vulnerabilities in Microsoft exchange servers, which allowed them to violate networks and exfiltrate data. A corrective for this flaw has been available for years, but research suggests that almost 91% of the 30,000 affected instances are not provided – stressing the importance of deploying effective computing management software.
China has always denied links with this group and all other cyber-spying campaigns.
