Dive Brief:
- The FBI said it wants the public’s help finding Chinese hackers behind the massive cyberattack campaign against U.S. telecommunications providers.
- An April 24 bulletin from the bureau asked for “any information” on the hackers behind the China-affiliated Salt Typhoon’s intrusion campaign and on those attackers’ activities.
- The alert reflects the government’s reliance on voluntary cyber-incident reporting.
Dive Insight:
Salt Typhoon, one of the most sophisticated foreign cyber campaigns ever directed at U.S. networks, has prompted intense government efforts to identify the full scope of the compromise, lock down affected networks and harden defenses.
With U.S. officials warning that the campaign is likely far broader than what they have uncovered, the recent FBI bulletin suggests that the government still needs more details about China’s operation. “If you have any information about the individuals who comprise Salt Typhoon or other Salt Typhoon activity,” the bureau wrote, “we would particularly like to hear from you.”
The alert is also notable for its announcement that the FBI has placed a $10 million bounty on the heads of the Chinese government-backed hackers, offering a massive reward for anyone who shares information leading to their arrest.
Salt Typhoon targeted telecommunications networks, which until recently were not subject to any incident-reporting requirements. The FCC only finalized reporting rules in March 2024. The Cybersecurity and Infrastructure Security Agency (CISA) is still working on a final version of a broader incident-reporting mandate that would also cover the telecom industry.
It’s unclear how many private conversations the FBI has had with telecom executives about Salt Typhoon in recent months. The bureau has been rocked by turmoil in the new Trump administration, which sidelined the head of the FBI branch that oversees the Cybersecurity Division. The FBI’s request for tips suggests a desire to supplement the direct assistance from telecom companies. Those companies have said that they have worked closely with U.S. authorities in investigating and remediating the attacks.
Telecom security has largely lurked in the background of discussions about U.S. critical infrastructure vulnerabilities, with sectors like water and health-care receiving more attention in the past few years. But Salt Typhoon highlighted the telecom industry’s vulnerabilities, from aging computer systems to poor network management after decades of mergers.
Sen. Ron Wyden (D-Ore.) recently placed a hold on Trump’s nominee to lead CISA and said he would continue to block a vote until CISA releases a report on telecom security.
