



Congressional Research Service
Informing the legislative debate since 1914

Updated October 28, 2024

Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications


In early October 2024, media outlets reported that People's
Republic of China (PRC) state-sponsored hackers infiltrated
United States telecommunications companies (including
internet service providers). This is not the first time that the
PRC has attacked the U.S. communications sector, and it
reflects a pattern of targeting the sector both for its role in
enabling other sectors and for the value of the systems
and data contained within the sector itself.

The methods used by the PRC hackers in the attack have
not been publicly disclosed, nor have the specific systems
or data that were targeted. But public reporting suggests
that the hackers may have targeted the systems used to
provide court-approved access to communication systems
used for investigations by law enforcement and intelligence
agencies. PRC actors may have sought access to these
systems and companies to gain access to presidential
candidate communications.

The White House reportedly established a Cyber Unified
Coordination Group (Cyber UCG) on October 8, 2024, to
coordinate responses to the hacking.

This In Focus discusses PRC cyber actors as well as
broader cybersecurity and risk management considerations
for Congress.

PRC Hackers: The Typhoons
The U.S. Intelligence Community (IC) assesses that the
PRC is the most active and persistent cyber threat to U.S.
institutions. The Office of the National Cyber Director has
highlighted China's ambitions to hold at risk U.S. and
allied critical infrastructure, shape U.S. decision-making in
a time of crisis, and use cyber capabilities to augment PRC
geopolitical objectives.

Typhoon is the moniker Microsoft Corporation assigns to
attributed threat actors with PRC state sponsorship, a
moniker the U.S. government also adopts. There are three
publicly disclosed Typhoon threat actor groups.

    *   Volt Typhoon. These actors use a
        technique known as living off the land,
        which involves using built-in tools on the
        target network to execute objectives
        without installing malware (which may be
        detected). Volt Typhoon has been known
        to target United States critical
        infrastructure entities. The IC assesses
        that Volt Typhoon's targeting of these
        companies carries limited espionage
        potential, and is instead part of an effort
        to prepare to disrupt U.S. infrastructure.
    *   Flax Typhoon. These actors are
        associated with PRC information security
        companies that take directions from the
        PRC government. They target Taiwan
        and U.S. critical infrastructure
        domestically and abroad. Flax Typhoon
        actors also use living off the land
        techniques, and have compromised
        hundreds of internet-of-things (IOT)
        devices to create a botnet that they used
        to carry out attacks. The U.S. government
        said that it had disrupted one such botnet
        in September 2024.
    *   Salt Typhoon. These actors are reportedly
        responsible for the compromise of U.S.
        telecommunications companies reported
        in October 2024. They appear to have
        conducted counterintelligence operations,
        seeking information on PRC targets that
        the United States may be surveilling. To
        date, the U.S. government has not
        released official confirmation of the
        attack, nor of this group.

Considerations for Policymakers
Members of Congress in the House and Senate have
expressed concerns over these breaches and have called on
U.S. companies and federal agencies to provide information
about the incident. Congress might also consider oversight
of the executive branch's response, particularly the
immediate response and discovery of the incident, as the
incident raises concerns about the privacy of Americans'
communications, the security of critical infrastructure, and
cybersecurity deterrence policy. There are other areas
policymakers may be interested in, such as the role and use
of the Cyber UCG, the Cyber Safety Review Board
(CSRB), Sector Risk Management Agencies (SRMAs), and
preparedness activities.

Cyber UCGs
The concept of a Cyber UCG comes from Presidential
Policy Directive 41 (PPD-41) and its accompanying annex,
which states that a Cyber UCG is to be stood up under the
auspices of the National Security Council (NSC) to
coordinate the development and implementation of United
States Government policy and strategy with respect to
significant cyber incidents affecting the United States or its
interests abroad. Recent Cyber UCGs have been used in
events to coordinate whole-of-government responses that
