A recent joint security guide has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) alongside the NSA, the FBI, and partner cybersecurity agencies from Australia, Canada, and New Zealand. The guide comes in response to a series of cyberattacks that targeted major US telecommunications providers, such as AT&T and Verizon.
The attacks were attributed to a Chinese-backed advanced persistent threat (APT) group, known as Salt Typhoon, which has been actively breaching US telecommunications infrastructure. The joint publication aims to help communications service providers (CSPs) safeguard their systems from further compromises.
The Salt Typhoon campaign, which began earlier this year, involved sophisticated hacking techniques, allowing the threat actors to infiltrate the networks of several major US telcos. Once inside, the attackers stole sensitive customer data, including private call records, some of which were connected to individuals involved in government and political activities.
Additionally, the hackers accessed data under US law enforcement jurisdiction, some of it related to ongoing investigations. These breaches have raised significant concerns about the growing role of state-backed cyber-espionage in targeting critical infrastructure.
The newly published security guide offers a comprehensive framework for telecommunications and other organizations to detect, defend against, and respond to cyber threats. Key recommendations include monitoring for unusual behavior, addressing vulnerabilities, and securing system configurations. The guide also stresses the need to reduce the attack surface by limiting the number of potential entry points available to attackers.
These steps are essential for preventing similar attacks in the future, especially those linked to nation-state actors like China. CISA’s Jeff Greene emphasized the critical importance of these actions for safeguarding not only businesses but also government agencies and national infrastructure.
In addition to the general guidance for CSPs, the document underscores the importance of Secure-by-Design principles in software development. This approach urges software manufacturers to integrate security features from the early stages of development to better protect against cyber threats.
The guide advocates for a collaborative effort between the public and private sectors to bolster cybersecurity defenses across industries. The FBI’s Bryan Vorndran further stressed the need for organizations to implement these recommended practices and report any suspicious activity to the FBI to ensure timely responses to emerging threats.
The security guide also provides detailed advice for network engineers, particularly those managing critical national infrastructure (CNI). It suggests actions such as closely monitoring for unauthorized configuration changes, limiting exposure of management traffic, and implementing strong network segmentation.
Specific instructions are included for securing Cisco devices, which were targeted by Salt Typhoon during its campaign. The document highlights the importance of securing routers, firewalls, and VPN gateways, as well as employing end-to-end encryption and anomaly detection systems. By following these guidelines, engineers can significantly reduce the risk of similar breaches in the future.
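The guidance above for network engineers turns on two concrete habits: keeping a known-good baseline for every device and checking each freshly collected configuration against it, paying special attention to lines that change management exposure (local accounts, HTTP management services, VTY transports, ACL entries) or accountability (logging destinations). The script below is an added example written for this article; it is not code from the CISA guide or from Cisco. It diffs two constructed Cisco-IOS-style configuration texts (the addresses, usernames and `$1$PLACEHOLDER` secrets are made up) and tags every added or removed line with the risk category it touches. The pattern table and category names are this example's own assumptions, not something the guide defines.

```python
"""
Added example (not from the CISA guide or the article it describes):
a configuration-drift checker for network device configs. It compares
a known-good baseline against a freshly collected snapshot and reports
added and removed lines, tagging those that touch high-risk areas
(local accounts, management services, logging, ACLs, VTY transports).
Both configs are constructed Cisco-IOS-style samples, not real output.
"""
import difflib
import re
from collections import Counter
from typing import Optional

# Constructed baseline: the configuration the device is supposed to have.
BASELINE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 5 $1$PLACEHOLDER
ip domain-name example.internal
logging host 10.0.0.50
ntp server 10.0.0.60
no ip http server
no ip http secure-server
ip access-list standard MGMT-ACCESS
 permit 10.0.0.0 0.0.0.255
 deny any log
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh
"""

# Constructed snapshot containing the kind of drift a defender wants flagged:
# a new privileged local account, the remote logging host removed, the HTTP
# management server enabled, an extra ACL entry, and telnet re-enabled on VTY.
CURRENT_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 5 $1$PLACEHOLDER
username svc_backup privilege 15 secret 5 $1$PLACEHOLDER2
ip domain-name example.internal
ntp server 10.0.0.60
ip http server
no ip http secure-server
ip access-list standard MGMT-ACCESS
 permit 10.0.0.0 0.0.0.255
 permit 203.0.113.0 0.0.0.255
 deny any log
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh telnet
"""

# Hypothetical risk categories (this example's own naming), matched against
# the stripped line so indented sub-mode lines are covered too.
HIGH_RISK_PATTERNS = {
    "local-account": re.compile(r"^username\s"),
    "mgmt-service": re.compile(r"^(no\s+)?ip http (secure-)?server"),
    "logging": re.compile(r"^(no\s+)?logging host"),
    "acl-entry": re.compile(r"^(permit|deny)\s"),
    "vty-transport": re.compile(r"^transport input"),
}


def classify(line: str) -> Optional[str]:
    """Return the risk category a config line belongs to, or None."""
    stripped = line.strip()
    for name, pattern in HIGH_RISK_PATTERNS.items():
        if pattern.search(stripped):
            return name
    return None


def config_drift(baseline: str, current: str) -> list:
    """Line-level diff of baseline vs. current, each change tagged with its risk.

    Order-aware (via difflib) so a reordered ACL shows up as removed+added
    lines rather than disappearing into a set comparison.
    """
    base_lines = baseline.splitlines()
    cur_lines = current.splitlines()
    matcher = difflib.SequenceMatcher(None, base_lines, cur_lines)
    findings = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        for line in base_lines[i1:i2]:
            findings.append({"change": "removed", "line": line, "risk": classify(line)})
        for line in cur_lines[j1:j2]:
            findings.append({"change": "added", "line": line, "risk": classify(line)})
    return findings


def risk_summary(findings: list) -> dict:
    """Count drift lines per risk category (untagged lines fall under 'other')."""
    return dict(Counter(f["risk"] or "other" for f in findings))


if __name__ == "__main__":
    drift = config_drift(BASELINE_CONFIG, CURRENT_CONFIG)
    for f in drift:
        print(f"{f['change']:<8} [{f['risk'] or 'other'}] {f['line'].strip()}")
    print("summary:", risk_summary(drift))
```

In practice the snapshot would come from a scheduled `show running-config` pull over the out-of-band management path, and the baseline would be the version under change control; any non-empty result that was not matched by an approved change ticket is the signal the guide's "unauthorized configuration change" monitoring is looking for.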