#salt-typhoon — Public Fediverse posts

Salt Typhoon nella PA italiana: Sistemi Informativi di IBM violata per due settimane, il cyberspionaggio cinese entra nella supply chain dello Stato

https://insicurezzadigitale.com/salt-typhoon-nella-pa-italiana-sistemi-informativi-di-ibm-violata-per-due-settimane-il-cyberspionaggio-cinese-entra-nella-supply-chain-dello-stato/

Can anyone from the @signalapp team, the @eff, or #cdnpoli (maybe Hon. @Paulatics?) offer insights on how to best frame opposition this anti-privacy (anti #E2EE) #SaltTyphoon serving bill for Parliamentarians of each party?

It is essential to Canadian's rights and security that bill #C22 be defeated.

https://action.openmedia.org/page/188754/action/1

#suerveillance #privacy #infosec

Banning New Foreign #Routers Mistargets Products to Fix Real Problem
#FCC cited “security gaps in foreign-made routers” leading to widespread #cyberattacks as justification for the ban, mentioning the high-profile attacks by #China's advanced persistent threat actors Volt, Flax, and #SaltTyphoon. In addition to being far too broad, it won’t even affect many vulnerable devices that are most active in these types of attacks: #IoT and connected #smarthome devices.
https://www.eff.org/deeplinks/2026/04/banning-new-foreign-routers-mistargets-products-fix-real-problem

#FCC bans import of consumer #routers not made in #US over security threat — agency says foreign-made devices pose ‘unacceptable risk’ to US persons
Blamed foreign-made routers for Volt, Flax, and #SaltTyphoon #cyberattacks that hit critical American infrastructure, “routers in the #UnitedStates must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, #criticalinfrastructure, and emergency services.” https://www.tomshardware.com/networking/routers/fcc-bans-import-of-new-consumer-routers-not-made-in-the-us-over-security-threat-agency-says-foreign-made-devices-pose-unacceptable-risk-to-us-persons

#SaltTyphoon is hacking the world’s phone and internet giants — here’s everywhere that’s been hit

https://techcrunch.com/2026/03/09/salt-typhoon-china-who-has-been-hacked-global-telecom-giants/

#cybersecurity #China

@as400 @khalid @postmarketOS I'm daily driving a #Librem5 with #postmarketOS and I've tested reliable voice calling successfully with multiple carriers in two counties. Also, tested with #PureOS.

Owners of older units may need to upgrade modem firmware and enable VoLTE manually. The real problem in my limited knowledge is carriers are blocking devices which are not on their 'approved list' or which they think are not VoLTE capable.

Another, bigger questions is: why are people still using unencrypted legacy voice calls for personal communications in 2026?

#SaltTyphoon

Watching talks on AI and Security at NTCA RTime this week. Wondering what if anything the co-ops are going to have to say about #CALEA and #SaltTyphoon

Any questions I should ask the presenters?

Maybe what, if any, help they're getting from #CISA

#Telecom

Senator says #ATT , #Verizon blocking release of #SaltTyphoon #security assessment reports-Reuters

Dem Sen #Cantwell said Verizon & AT&T are blocking release of key docs about an alleged massive #Chinese #spying operation that infiltrated US #telecom networks known as Salt Typhoon & wants their CEOs to appear before Congress to answer questions

Cantwell asked both companies to turn over security assessments conducted by Alphabet #cybersecurity unit #Mandiant
#privacy

https://www.reuters.com/business/media-telecom/senator-says-att-verizon-blocking-release-salt-typhoon-security-assessment-2026-02-03/

🧵2/2
...End-to-end encryption without backdoors is more secure than encryption with backdoors. Communications systems that no government can access are also communications systems that adversary governments cannot access. The tradeoff is between absolute security for everyone, including criminals, and compromised security for everyone, including governments.

Salt Typhoon demonstrated that compromised security for everyone means exactly that."
https://shanakaanslemperera.substack.com/p/the-inverted-panopticon

#SaltTyphoon

"Salt Typhoon provided the empirical refutation. The backdoors existed. The adversary found them. The surveillance apparatus built for Western law enforcement became an intelligence collection platform for Chinese intelligence.

The policy implications are uncomfortable for governments that have spent decades demanding exactly the access mechanisms that Salt Typhoon exploited.

The resolution is not complex, only politically difficult.
🧵1/2

#SaltTyphoon

Scope Of Chinese ‘Salt Typhoon’ Hack Keeps Getting Worse, As Trump Dismantles U.S. Cybersecurity Defenses

https://fed.brid.gy/r/https://www.techdirt.com/2026/01/09/scope-of-chinese-salt-typhoon-hack-keeps-getting-worse-as-trump-dismantles-u-s-cybersecurity-defenses/

#SaltTyphoon pair attended #Cisco cyber school, expert claims
SentinelLabs linked #YuYang and #QiuDaibing, two alleged members of #China's state #hacking group, to participants of the 2012 Cisco Networking Academy Cup.
The initiative is still going today. It typically runs for a few months and is geared toward beginners learning foundational #cybersecurity skills, which are then tested in competitions like capture the flag events.
https://www.theregister.com/2025/12/11/salt_typhoon_cisco_training/

Two former Cisco Networking Academy students have been linked to the Salt Typhoon campaign, which has compromised 80+ global telecom providers. Investigators say the attackers used technical skills learned directly from Cisco’s curriculum to target IOS and ASA devices.

This case reignites debate over whether corporate training programs in politically tense regions may inadvertently strengthen future threat actors.

Source: https://cybersecuritynews.com/chinese-hackers-attacking-cisco-devices/

Curious how the community views this risk.
Follow TechNadu for more verified cybersecurity reporting.

#CyberSecurity #Infosec #CiscoSecurity #ThreatIntel #SaltTyphoon #TelecomSecurity #SecurityResearch

"Cisco’s Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: “We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era,” reads the first line on its website.

That laudable statement, however, reads a bit differently when the “destiny” of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West—and many of Cisco's own products.

That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans’ real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others."

https://www.wired.com/story/2-men-linked-to-chinas-salt-typhoon-hacker-group-likely-trained-in-a-cisco-academy/

#CyberSecurity #China #SaltTyphoon #StateHacking #Cisco #CiscoAcademy

2 Men Linked to China’s #SaltTyphoon #Hacker Group Likely Trained in a #Cisco ‘Academy’

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.
#security #China

https://www.wired.com/story/2-men-linked-to-chinas-salt-typhoon-hacker-group-likely-trained-in-a-cisco-academy/

#FCC Rescinds Biden-Era Cyber Rule Meant to Address #SaltTyphoon
The repealed rules required carriers to secure their networks and submit an annual certification of a robust #cybersecurity plan, relying on the authority of the 1994 Communications Assistance for Law Enforcement Act.
Lawmakers and FCC Commissioner Anna Gomez criticized vote, saying it leaves country less secure and that efforts should be focused on enhancing cybersecurity protections
https://www.bloomberg.com/news/articles/2025-11-20/fcc-rescinds-biden-era-cyber-rule-meant-to-address-salt-typhoon
https://archive.ph/1deIL

Kidergarten-level telecom hacks, back on the menu. Broadcast engineers know better anyway. Got it. Go get 'em radiomans #salttyphoon #fcc #nincompoopery

Australien 🇦🇺 : Geheimdienstchef warnt vor chinesischen Hackern | heise online https://www.heise.de/news/Australien-Geheimdienstchef-warnt-vor-chinesischen-Hackern-11075137.html #Hacking #CyberCrime #KRITIS #SaltTyphoon #VoltTyphoon #China 🇨🇳

Trump Cybersecurity Policy Is Indistinguishable From A Foreign Attack

https://fed.brid.gy/r/https://www.techdirt.com/2025/11/07/trump-cybersecurity-policy-is-indistinguishable-from-a-foreign-attack/

@Sxan I'm not in the US, but #Librem5 works with carrier T-Mobile and Purism's Awesim according to their wiki and forums.

I'm daily driving Librem 5 with #postmarketOS (stable - phosh) and everything critical for my use case works: VoLTE calls and SMS (although I avoid both now since #SaltTyphoon), 4G data, Wi-Fi, basic camera, GPS navigation using #PureMaps, latest apps from #Flathub, web browsing using Firefox-ESR, e2ee messaging and calling using Signal Desktop, DeltaChat, Matrix, XMPP, etc. and of course my most used feature, the headphone jack!

What does not work is recording sound in videos, although recording sound itself using Sound Recorder works, just not in videos.

Correctin: Recording sound in videos does work on L5 both on pmOS and PureOS.

#FCC will vote to scrap #telecom #cybersecurity requirements
The commission’s Republican chair #BrendanCarr, who voted against the rules in January, calls them ineffective and illegal.
With Carr moving to undo Rosenworcel’s actions, it is unclear how the FCC plans to continue to exercise cybersecurity oversight of telecom carriers.
https://www.cybersecuritydive.com/news/fcc-cybersecurity-telecommunications-carriers-brendan-carr-eliminate-rules/804259/

I am sure #SaltTyphoon and other #APT have packed their bags on gone back to their mother's basements and this isn't an issue anymore.

@Satiah I'm also daily driving a #Librem5 with most important think working for my use case: Volte calls and SMS (although I avoid both since #SaltTyphoon), 4G data, Wi-Fi, web browsing on Firefox, email, e2ee messaging and calls using #SignalApp, #DinoIM (XMPP), latest apps from Flathub, and of course the headphone jack!

#PureOS offers a solid, stable experience but in case you want to try something else, #postmarketOS (with phosh, KDE Plasma, Gnome, SXMO) and #Mobian also work on the Librem 5.

📰 Chinese APT Salt Typhoon Targets European Telecom with SNAPPYBEE Backdoor

⚠️ Chinese APT Salt Typhoon targeted a European telecom, exploiting a Citrix flaw to deploy the SNAPPYBEE backdoor. Attackers used DLL side-loading with AV executables to evade detection. #APT #SaltTyphoon #CyberEspionage #China

🔗 https://cyber.netsecops.io/articles/china-linked-apt-salt-typhoon-targets-european-telecom/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading https://gbhackers.com/salt-typhoon-attacks/ #CyberSecurityNews #cybersecurity #SaltTyphoon #ZeroDay