In today’s Security Flash, founder Casey Ellis and America’s CISO Trey Ford are breaking down Salt Typhoon. This 20-minute video covers the background of Salt Typhoon, how it is impacting organizations, and potential future implications for security teams.


What is Salt Typhoon?

According to Trey, the best way to frame this conversation is to start with a quote from Bob Lord, former Yahoo CISO, “We work up against dedicated human adversaries who organize their work into campaigns.”

What does that mean, exactly? It means that these adversaries are humans just like us: they work for bosses who set specific outcomes and measure their success against them.

There are several named campaigns, such as Silk Typhoon, Flax Typhoon, and Salt Typhoon, each driving into US infrastructure with its own intended outcomes and measures of success. Salt Typhoon is getting a lot of buzz right now because it has a personal element: it targeted nine telecommunications firms. That strikes home because everyone has a phone in their pocket or purse, and this compromise has the potential to expose very personal information about people.


What happened?

This compromise started on the edge of the attack surface, as many attacks do. This makes sense when you think about it: organizations always secure their core infrastructure first. As these telecommunications companies acquired new infrastructure and companies and incorporated them into their business, their attack surface expanded. The acquired infrastructure often isn’t understood to the same level as an organization’s core infrastructure, and it runs on a different security stack, which makes it an easier target. In many cases, this edge attack surface served as the initial point of intrusion; once the attackers were in, they were able to pivot to other areas.

Currently, many of the affected telecommunications companies are having a hard time getting the attackers out of their infrastructure. This is because most telecommunications firms run a diverse, vast technology stack, and in intrusions this pervasive it is incredibly difficult to identify every foothold and fully eject the attackers.


Now that you have some of the background, check out the whole video for more details on the attacks. Casey and Trey also share some actionable advice for defenders and those concerned about how these attacks impact them.