China-linked hacking group Salt Typhoon penetrated several U.S. internet service providers (ISPs) in recent months trying to access sensitive information, reported the Wall Street Journal.
The group dug into America’s broadband networks and aimed to establish a foothold within the infrastructure to access sensitive data or launch damaging cyberattacks.
The report comes a week after U.S. officials said they disrupted a group of hackers working at the direction of the Chinese government who targeted universities, government agencies, and other organizations.
The hacking campaign known as Flax Typhoon installed malicious software on more than 200,000 consumer devices, including cameras, video recorders, and home and office routers, to create a massive botnet — a network of infected computers. The botnet was used to facilitate cybercrimes, such as the theft of sensitive information from victims’ networks.
"Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware," FBI Director Christopher Wray said at the Aspen Cyber Summit.
The recent attack by Salt Typhoon was bold, said Glenn Gerstell, former general counsel at the National Security Agency.
"This would be an alarming — but not really surprising — expansion of their malicious use of cyber to gain the upper hand over the United States," he told the Journal.
"Now it seems they are penetrating the very heart of America’s digital life, by burrowing into major internet-service providers," he said.
Information from The Associated Press was used in this report.