FBI Offers 10 million USD for information on Salt Typhoon members

📟 News

Date: 29/04/2025

The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year’s attack that had compromised multiple US telecommunications companies.

In addition to generous rewards, US authorities are also promising assistance to potential informants with relocation to the USA. Law enforcement is particularly interested in specific Salt Typhoon members and details of the attack delivered last year against a number of US telecommunications companies.

“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale. This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests,” – FBI Internet Crime Complaint Center.

Salt Typhoon (also known as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286) has been active since at least 2019. Over the past years, Salt Typhoon repeatedly attacked telecommunications companies around the world, including the USA.

The most notorious Salt Typhoon attack mentioned by the FBI was discovered in the fall of 2024. According to The Wall Street Journal, the hacker group had compromised several major telecommunications companies, including such industry giants as Verizon, AT&T, Lumen Technologies, and T-Mobile.

As authorities reported at the time, the attack involved an ‘extensive Internet traffic collection campaign’ targeting companies serving various organizations and millions of ordinary Americans.

As a result, the PRC-affiliated hacker group stole data on calls and messages of certain individuals (involved in government and political activities) and information about law enforcement requests to telecommunications companies; what’s worse, Salt Typhoon gained access to a wiretapping platform used by US law enforcement services.

Related posts:
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers

Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…

Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud

Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…

Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers

Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…

Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud

ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…

Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer

Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…

Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…

Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024

According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…

Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced

Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…

Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI

The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…

Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers

Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…

Full article →