Salt Typhoon, linked to Yuyang (余洋) and Qiu Daibing (邱代兵), compromised more than 80 telecommunications companies worldwide to collect unencrypted calls and texts and to breach CALEA lawful-intercept systems. The report traces the operators to participation in the Cisco Networking Academy and a 2012 Cisco Network Academy Cup, highlighting how vendor training programs can inadvertently enable offensive capabilities against those vendors’ products.
Keypoints
- Salt Typhoon penetrated over 80 telecommunications companies globally, conducting widespread intelligence collection including unencrypted calls and texts of US presidential candidates, staffers, and China experts.
- The operation also breached CALEA lawful-intercept systems embedded in telecommunications infrastructure, expanding the scope beyond simple eavesdropping.
- The campaign is tied to operators Yuyang (余洋) and Qiu Daibing (邱代兵), who are co-owners or closely associated with Beijing Huanyu Tianqiong and Sichuan Zhixin Ruijie and filed patents together.
- Investigators trace both operators back to participation in the Cisco Networking Academy and success in the 2012 Cisco Network Academy Cup while students at Southwest Petroleum University.
- The case illustrates how vendor training and product academies can unintentionally build local offensive expertise capable of targeting those vendors’ products.
- Policy implications include reinforcing hands-on competency-based hiring for cybersecurity roles and reassessing risks of foreign training initiatives as China pursues replacing American IT with domestic alternatives.
MITRE Techniques
- No MITRE ATT&CK techniques were explicitly mentioned in the article.
Indicators of Compromise
- No specific Indicators of Compromise (IP addresses, file hashes, domains, or filenames) were provided in the article.