Cybersecurity
Exclusive

GAO mulls cost evaluation of nationwide telecom hardware replacement

One major vulnerability exploited by China’s Salt Typhoon hacking unit is a Cisco hardware flaw that can’t be patched and requires physical replacement, according to a person with knowledge of the intrusions.

US sanctions Chinese company that helped facilitate espionage hacks

Integrity Technology Group, known to researchers as Flax Typhoon, contracted with China’s Ministry of State Security to carry out infiltrations into internet of things devices, the FBI previously said.

Lawmakers request briefing from Treasury secretary on Chinese hack

The compromised third-party offering was a commercial remote services tool not listed in the marketplace for FedRAMP, the government’s cloud security compliance framework.

Chinese-sponsored hackers accessed Treasury documents in ‘major incident’

The incident comes in the final days of the Biden presidency and as officials work to root out China-tied hackers from U.S. telecommunications systems.

Major cyber news drops under the buzzer for 2024

A ninth U.S. telecommunications provider fell onto Salt Typhoon’s victim list, and the UN’s controversial cybercrime treaty was adopted.

Hundreds of organizations were notified of potential Salt Typhoon compromise

Some of the exploited vulnerabilities have had fixes available for several years. One provider’s management system was protected with a basic numeric password.

US charges Israeli-Russian national with making software for LockBit ransomware gang

LockBit has made headlines for years, allowing purveyors of its malware to haul away millions of dollars from victims.

Congress approves 2025 NDAA with important cyber provisions

Left out was language that would have helped clarify the scope and reach of a controversial surveillance power that was renewed in April.

CISA orders federal agencies to secure their cloud environments

Federal civilian agencies are compelled by the Binding Operational Directive to adopt specific cloud standards under SCuBA, a government blueprint that helps agencies assess cloud security security guidelines.

CISA issues updated draft of national cyber incident response plan

The NCIRP was first released in 2016. The updates include pathways for non-federal groups to get involved in responding to devastating cyberattacks.

Salt Typhoon attacks prompt talk of hacking back against China

In classified settings, lawmakers have often asked national security officials why American cyber forces don’t go on the attack more often, one senator said.

Agencies look to automation software to usher in next phase of post-quantum security

The Cybersecurity and Infrastructure Security Agency is working with select agencies to implement post-quantum cryptography, and will turn to vendors to further secure federal data.

Senate bill would require FCC to issue binding cyber rules for telecom firms

The measure from Sen. Ron Wyden, D-Ore. comes in the wake of Chinese-backed hackers breaching a swath of major telecommunications providers.

FY2025 NDAA targets spyware threats to U.S. diplomats, military devices

The language comes as the State department has pressed foreign governments to collectively set standards to prevent spyware abuses.

Lawmakers targeted in encrypted messaging phishing scam

Officials have been urging Americans and federal staff to pivot to encrypted messaging services amid a recent Chinese breach into telecommunications networks.

FCC proposes updates to wiretap security standards following Chinese telecom hacks

Several lawmakers have called for the agency to reform wiretap standards governed by the Communications Assistance for Law Enforcement Act, or CALEA.

At least 8 US carriers hit in Chinese telecom hacks, senior official says

The hacks carried out by the Salt Typhoon group impacted a couple dozen countries and may have been ongoing for one to two years, the official said.