Cyber experts have warned UK telecommunications firms and the wider industry must be ready for a barrage of cyber attacks as the Salt Typhoon hacker group claims yet more victims in the US.
Three further companies based in the US, Charter Communications, Consolidate Communications, and Windstream, have been added to the list of telecoms organizations compromised by the Chinese state-affiliated threat actor, according to the Wall Street Journal.
In December 2024, US security officials revealed Salt Typhoon was able to record private conversations of ‘senior political figures’ after compromising major telecom firms including Verizon, AT&T, and Lumen Technologies.
At the end of the month, Verizon and AT&T announced they had successfully removed the hackers from their IT environment, insisting that their networks were secure.
Elsewhere globally, cybersecurity experts have been watching the incident unfold with bated breath, with practitioners accelerating preparations for a looming onslaught of attacks.
Speaking to ITPro, Jamie Akhtar, CEO and co-founder of CyberSmart, warned that despite Salt Typhoon’s recent focus on entities in the US, the UK and other allies should be on high alert.
“Although Salt Typhoon has focused almost exclusively on US telcos thus far, their UK counterparts should be wary. The UK has long been a key ally of the US and, as a result, it’s impossible to rule out that state-sanctioned threats like Salt Typhoon could also be turned on British firms,” he said.
Akhtar added that there are previous notable examples of Chinese state-affiliated threat actors targeting UK infrastructure in the past, such as the APT31-led attacks in 2021.
Rob Pocock, technology director at Red Helix, cautioned that firms based outside the US should not be complacent and assume such attacks will exclusively focus on US-based companies.
The US’ global allies are a particularly appealing target for state-affiliated threat groups, he warned.
“It is highly misguided to assume advanced persistent threat actors like Salt Typhoon are only interested in the US. These threat groups are just as likely to target other nations, particularly US allies,” he warned.
“All critical infrastructure organizations should continue to expect to be targeted and take proactive steps to strengthen their own security – and that of their supply chains. Supply chains are often seen as the weakest link, but organizations can significantly reduce risks by ensuring their suppliers implement robust security measures.”
UK telcos are in the firing line for Salt Typhoon and others
Pocock added that UK telecoms firms represent a prime target for threat actors at present, especially amidst the country’s ongoing 5G SA roll-out.
However, regulations governing the integrity of telecoms firms such as the Telecommunications Security Act (TSA) may help ensure the country’s communications infrastructure is better protected.
“Telcos are right in the firing line when it comes to APT groups because of their critical role in the digital world. In the UK, the ongoing roll out of 5G SA may present different or new threat vectors for these groups to try and target,” he explained.
“Fortunately, telcos in the UK are already well-positioned to address these threats, thanks to their commitments to compliance with the Telecommunications Security Act (TSA) - a regulation designed with these challenges in mind.”
He argued that, instead of introducing entirely new security protocols, the TSA “reflects best practices already enabled within the industry” and compliance would simply help reinforce these existing procedures.
This, Pocock argued, should stand UK-based telcos in good stead in the face of increasingly sophisticated external cyber threats.
“By focusing on optimized toolsets and avoiding over-complication, telcos continue to maintain a high level of security, ensuring their systems are well-protected against evolving threats.”
During a press briefing on 27 December, Anne Neuberger, President Biden’s deputy national security advisor for cyber and emerging technology, said her UK counterparts argued these regulations would have meant the attack was detected and contained far more quickly.
“[T]heir comment to me was, ‘We would have found it faster, we would have contained it faster, it wouldn’t have spread as widely and have had the impact and been as undiscovered for as long had those regulations been in place.’
“And that’s a powerful message,” she recalled.
