- Security agencies issue joint statement warning Chinese tech firms may be indirectly collaborating with Salt Typhoon
- Salt Typhoon is a hacking group behind multiple high-profile attacks
- Group is thought to have serious links to Chinese government
A new joint cybersecurity advisory from the National Security Agency (NSA) and other agencies like CISA, the UK’s NCSC, Canada’s CSIS, Japan’s NPA and many more looks ti expose advanced persistent threat (APT) actors believed to be sponsored by the Chinese Government.
According to the advisory, Chinese firms have been providing products and services to China’s Ministry of State Security and the military – which in turn, it is claimed, props up hacking groups.
These threat actors target infrastructure like telecommunications, government, military, transport, and energy agencies – specifically in a global hacking campaign linked to the notorious Salt Typhoon group.
Supplying components
“The data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world,” the advisory warns.
Some of the firms named in the advisory, like Sichuan Juxinhe Network Technology Co. Ltd, have already been sanctioned for their ties to the group.
Other named companies include Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd, all of which are thought to be linked.
The report also outlines specific threat hunting guidance and mitigations against these groups, particularly in quickly patching devices, monitoring for unauthorized activity, and tightening device configuration.
Earlier in 2025, Salt Typhoon was discovered carrying out a cyber espionage campaign that breached multiple communications firms, with hackers lingering inside US company networks for months.
The group was observed abusing vulnerabilities in Microsoft Exchange Servers, which allowed them to breach networks and exfiltrate data. A fix for this flaw has been available for years, but research suggests that nearly 91% of the 30,000 affected instances remain un-patched – highlighting the importance of deploying effective patch management software.
China has always strenuously denied any ties to this group, and to any other cyber-espionage campaigns.