What Is Salt Typhoon, Chinese Espionage Group That Targeted Donald Trump

Chinese hackers have targeted the communication devices of US presidential candidates, including former President Donald Trump and his running mate, JD Vance. This sophisticated hacking attempt was reportedly orchestrated by a Chinese cyber espionage group known as 'Salt Typhoon'. According to the New York Times, the group infiltrated telecommunication networks and may have accessed critical data from major service providers, including Verizon.

According to reports, Salt Typhoon's targets in the US include not only Trump's campaign but also Democratic contenders, including Vice President Kamala Harris and her running mate Tim Walz. 

The attack on Verizon's infrastructure is considered part of a broader Chinese intelligence-gathering campaign. Although it remains uncertain whether the hackers succeeded in extracting specific communications, US federal agencies are now working to uncover the nature and extent of any data breach. "We are aware that a highly sophisticated nation-state actor has reportedly targeted several US telecommunications providers to gather intelligence," Rich Young, a spokesperson for Verizon, told news agency AFP. 

Who Is Salt Typhoon?

Salt Typhoon, the designation coined by Microsoft's cybersecurity team, is a group of state-sponsored Chinese hackers. Microsoft labels Chinese hacker groups with the term "typhoon," while using "sandstorm" for Iranian and "blizzard" for Russian cyber actors. The term "salt" in this context denotes the group's specialised focus on counterintelligence rather than conventional cybercrime involving corporate data theft or financial fraud.

Salt Typhoon's operations appear exclusively aimed at collecting intelligence on critical American assets and institutions, especially during sensitive political seasons. In this case, Salt Typhoon targeted specific phone numbers linked to top political figures and their staff, as well as individuals with deep governmental ties. 

U.S. officials are still in the early stages of assessing the full scope of the Salt Typhoon breach. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement acknowledging the severity of the threat, confirming that US government agencies are actively engaged in "investigating the unauthorised access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China."

In their statement, the FBI and CISA said that ongoing collaborative efforts with private sector companies are underway to bolster cybersecurity defences. "After the FBI identified specific malicious activity targeting the sector, the FBI and CISA immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims," the agencies said.

A significant concern is that Salt Typhoon may have obtained critical metadata, which can be as revealing as actual content in intelligence terms. For instance, metadata related to call patterns, times, and frequencies can reveal insights into relationships, strategic discussions, and even security vulnerabilities in communication channels. For Chinese intelligence, this data could provide clues about the inner workings and key figures in US decision-making circles, especially in the lead-up to the 2024 election.