In addition to generous rewards, US authorities are also promising assistance to potential informants with relocation to the USA. Law enforcement is particularly interested in specific Salt Typhoon members and details of the attack delivered last year against a number of US telecommunications companies.
“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale. This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests,” – FBI Internet Crime Complaint Center.
Salt Typhoon (also known as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286) has been active since at least 2019. Over the past years, Salt Typhoon repeatedly attacked telecommunications companies around the world, including the USA.
The most notorious Salt Typhoon attack mentioned by the FBI was discovered in the fall of 2024. According to The Wall Street Journal, the hacker group had compromised several major telecommunications companies, including such industry giants as Verizon, AT&T, Lumen Technologies, and T-Mobile.
As authorities reported at the time, the attack involved an ‘extensive Internet traffic collection campaign’ targeting companies serving various organizations and millions of ordinary Americans.
As a result, the PRC-affiliated hacker group stole data on calls and messages of certain individuals (involved in government and political activities) and information about law enforcement requests to telecommunications companies; what’s worse, Salt Typhoon gained access to a wiretapping platform used by US law enforcement services.