
In addition to generous rewards, US authorities are also promising assistance to potential informants with relocation to the USA. Law enforcement is particularly interested in specific Salt Typhoon members and details of the attack delivered last year against a number of US telecommunications companies.
“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale. This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests,” – FBI Internet Crime Complaint Center.
Salt Typhoon (also known as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286) has been active since at least 2019. Over the past years, Salt Typhoon repeatedly attacked telecommunications companies around the world, including the USA.
The most notorious Salt Typhoon attack mentioned by the FBI was discovered in the fall of 2024. According to The Wall Street Journal, the hacker group had compromised several major telecommunications companies, including such industry giants as Verizon, AT&T, Lumen Technologies, and T-Mobile.
As authorities reported at the time, the attack involved an ‘extensive Internet traffic collection campaign’ targeting companies serving various organizations and millions of ordinary Americans.
As a result, the PRC-affiliated hacker group stole data on calls and messages of certain individuals (involved in government and political activities) and information about law enforcement requests to telecommunications companies; what’s worse, Salt Typhoon gained access to a wiretapping platform used by US law enforcement services.

2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.01.23 — Fake Telegram CAPTCHA forces users to run malicious PowerShell scripts
Hackers used the news of Ross Ulbricht pardoning to lure users to a rogue Telegram channel where they are tricked into running malicious PowerShell code. This…
Full article →
2025.04.16 — Android devices will restart every three days to protect user data
Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet
All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →