In today’s digital age, it’s become increasingly apparent that many individuals share details of their lives online, whether intentionally or inadvertently. This has created an opportunity for various entities, particularly state actors, to engage in surveillance of internet activity. One such actor is China, which has reportedly intensified its efforts to monitor the online behaviors of users, especially in major metropolitan areas, through sophisticated spyware tactics.
According to insights from Microsoft’s Threat Intelligence teams, China has successfully infiltrated several Internet Service Providers (ISPs) to conduct extensive surveillance. This malicious entity, identified as Salt Typhoon, also known by monikers such as Ghost Emperor, Sparkling Cockroach, or Famous Sparrow, has become a significant focus of cybersecurity concerns.
The origins of Salt Typhoon’s operations trace back to an initial breach of Cisco routers, which served as a gateway for monitoring internet activities occurring through these devices. Once access was gained, the threat actor expanded its reach into additional routing networks, as reported by sources close to the investigation.
In October 2021, the Russian cybersecurity firm Kaspersky revealed that the group known as Famous Sparrow had been targeting businesses across Southeast Asia, utilizing a sophisticated toolkit named Demodex. This campaign marked the beginning of a broader operational footprint that has since extended to countries such as Vietnam, Indonesia, Thailand, Malaysia, Egypt, Ethiopia, and Afghanistan.
While the full scope of Salt Typhoon’s capabilities remains uncertain, there are concerns regarding its potential to develop a network of botnets capable of launching Distributed Denial of Service (DDoS) attacks. Recently, South African tech service provider Sygnia identified a dormant network of botnets lurking on the dark web, believed to be aligned with Chinese intelligence efforts.
The geopolitical landscape between North America and China has notably deteriorated in recent years, particularly following the election of former President Donald Trump in 2016. In this tense environment, monitoring the internet activities of U.S. citizens could provide valuable insights into various facets of American life (economic, political, and financial) that would be of strategic interest to China.
Consequently, Salt Typhoon may represent one of China’s cyber weapons, strategically crafted to fulfill its intelligence-gathering objectives and enhance its influence on the global stage.