
The FBI has announced a reward of up to $10 million for information regarding the hacker group Salt Typhoon, which is believed to be linked to the Chinese government. The agency hopes to obtain intelligence about the group’s members and their intrusions into the networks of several American telecommunications companies last year. In addition to the monetary reward, the bureau promises relocation assistance and other support for informants.
Salt Typhoon is one of numerous groups operating on behalf of the Chinese government. According to intelligence agencies and private cybersecurity firms, this group has been implicated in a series of espionage operations aimed at gathering critical information that could prove valuable in the event of future military conflicts. The FBI’s investigation revealed that Salt Typhoon conducted a sweeping cyber campaign, using access to networks to launch attacks against victims worldwide. Stolen data included telephone call logs, a limited amount of victims’ personal communications, and portions of information held by American law enforcement in response to judicial subpoenas.
Active since at least 2019, the group is known by various aliases — RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286. Over the years, Salt Typhoon has orchestrated numerous attacks on telecommunications companies across several countries, including the United States. Approximately a year ago, the group’s activity surged dramatically. One of the most significant breaches involved the hacking of networks belonging to Verizon, AT&T, and Lumen/CenturyLink, as reported by The Wall Street Journal in October. According to the publication, hackers collected internet traffic from the networks of providers serving corporations and millions of American users.
As The Washington Post noted, during these attacks, Salt Typhoon may have gained access to court-ordered interception systems used by U.S. law enforcement agencies. Although no direct evidence was presented, sources indicated there were signs that such systems had been compromised. The FBI’s announcement of a reward effectively corroborates these concerns.
In December, officials from the Biden administration disclosed that the group had compromised telecommunications companies in dozens of countries, including eight U.S. operators — twice the number previously estimated. They reported that the intrusions may have persisted for one to two years, and at the time, there was no full assurance that the hackers had been completely expelled from the affected networks.
Researchers from Insikt Group revealed in February that Salt Typhoon’s campaign had continued into the new year, targeting internet-facing Cisco networking devices used by telecommunications operators. The attackers exploited the vulnerabilities CVE-2023-20198 and CVE-2023-20273, for which patches had been available for over a year.
To facilitate information sharing, even for residents within China’s heavily censored internet environment, the FBI has established a dedicated website on the dark web and opened a secure Signal line for submitting tips.