
U.S. Government Scrutinizes Tech Giants Over China-Linked Cyber Threat “Salt Typhoon”
A new level of scrutiny is being directed at a sophisticated, China-linked hacking group known as “Salt Typhoon,” with U.S. lawmakers now demanding detailed information from tech giants like Google about the full scope of the group’s cyber operations against American targets. This escalating pressure highlights growing concerns over national security and the vulnerability of critical infrastructure.
At the center of this inquiry is a formal request from a U.S. Senator for an unvarnished look at the data collected by Google’s Threat Analysis Group (TAG) regarding Salt Typhoon’s activities. The concern is that public reports may not capture the full, unfiltered picture of the threat, and lawmakers require this raw intelligence to assess the nation’s defensive posture.
Who is Salt Typhoon?
Salt Typhoon is not a typical cybercriminal outfit. U.S. intelligence agencies and cybersecurity firms identify it as a state-sponsored hacking group operating on behalf of the People’s Republic of China (PRC). Their primary objective is not financial gain but espionage and intelligence gathering, with a focus on gaining long-term, persistent access to sensitive networks.
This group has been linked to a series of attacks targeting a wide range of sectors in the United States, including:
- Government agencies
- Telecommunications companies
- Defense contractors
- IT service providers
The ultimate goal appears to be prepositioning for future operations, potentially enabling them to disrupt critical communications and services during a crisis or conflict.
The “Living Off the Land” Tactic: A Stealthy Danger
What makes groups like Salt Typhoon particularly insidious is their heavy reliance on a technique known as “living off the land” (LotL). Instead of deploying custom malware that can be easily flagged by antivirus software, these hackers use legitimate tools and processes already present on the target’s network.
By using built-in network administration tools—like PowerShell and Windows Management Instrumentation (WMI)—their malicious activity blends in with normal IT operations. This makes them incredibly difficult to detect, allowing them to remain hidden within a network for extended periods, silently stealing data and mapping out the system architecture. This stealthy approach is a hallmark of advanced persistent threats (APTs) focused on long-term espionage.
Why the Demand for More Data?
The push for more information from Google and other tech companies stems from a critical need for transparency and collaboration. While cybersecurity reports are valuable, they are often curated summaries. Lawmakers argue that access to the underlying data—such as specific indicators of compromise, targeted IP addresses, and observed attack vectors—is essential for the U.S. government to:
- Fully understand the scale and severity of the threat.
- Identify potential gaps in national cyber defenses.
- Hold foreign adversaries accountable for malicious cyber campaigns.
- Develop more effective strategies to protect critical infrastructure.
This represents a broader effort to bridge the intelligence gap between private sector threat discovery and public sector national security response.
How to Defend Against Advanced Cyber Threats
While nation-state actors are formidable, organizations are not defenseless. Protecting against stealthy threats like Salt Typhoon requires a proactive and layered security strategy.
- Assume a Breach: Operate under the assumption that determined attackers may already be inside your network. This mindset shifts focus from prevention alone to rapid detection and response.
- Monitor for Anomalous Behavior: Since LotL attacks use legitimate tools, focus on detecting unusual behavior. Monitor for administrative tools being used at odd hours, from unusual workstations, or to perform atypical commands. This is a critical signal of a potential compromise.
- Implement the Principle of Least Privilege: Ensure that users and accounts only have the minimum level of access necessary to perform their jobs. This contains the damage an attacker can do if they compromise an account.
- Enhance Network Segmentation: By dividing your network into smaller, isolated segments, you can prevent attackers from moving laterally across your entire system after an initial breach.
- Conduct Regular Security Audits: Proactively hunt for threats within your network. Regular audits and penetration testing can help uncover hidden intruders before they achieve their objectives.
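The “living off the land” section above explains that PowerShell and WMI activity blends in with normal IT operations, and the “Monitor for Anomalous Behavior” recommendation says the answer is to look for administrative tools used at odd hours, from unusual workstations, or with atypical commands. The following is an added example (not code from the article, Google TAG, or any vendor) of that detection logic in Python: each use of a built-in admin tool is scored against a per-user baseline of usual hosts, working hours and command shapes, and events with several corroborating signals are ranked higher than a lone late-night login. The log line format, the user baselines and the sample events are all constructed for the example.

```python
"""Behavioural detection of 'living off the land' admin-tool use.

Added example (not part of the original article): uses of built-in
administration tools (PowerShell, WMI) are scored against a per-user
baseline of usual workstations, working hours and command shapes.
The log format, baselines and sample events below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
import re

# Built-in administration tools to baseline. Assumption: an illustrative
# list; in practice it is derived from your own EDR/Sysmon telemetry.
ADMIN_TOOLS = {"powershell.exe", "pwsh.exe", "wmic.exe", "psexec.exe"}

@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    process: str
    cmdline: str

@dataclass(frozen=True)
class Baseline:
    hosts: frozenset          # workstations this user normally works from
    start_hour: int           # start of normal working hours (inclusive)
    end_hour: int             # end of normal working hours (exclusive)
    fingerprints: frozenset   # command shapes seen historically for this user

@dataclass(frozen=True)
class Finding:
    event: Event
    signals: tuple
    severity: str

# Constructed line format: "<ISO timestamp> host=<h> user=<u> proc=<p> cmd=<rest>"
_LINE = re.compile(r"^(\S+) host=(\S+) user=(\S+) proc=(\S+) cmd=(.*)$")

def parse_event(line: str) -> Event:
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, host, user, proc, cmd = m.groups()
    return Event(datetime.fromisoformat(ts), host.upper(), user.lower(), proc.lower(), cmd)

def fingerprint(event: Event) -> tuple:
    """Reduce a command line to its shape: tool name plus sorted switches.
    Switch values (e.g. /node:SRV01) are dropped so the same kind of
    invocation always yields the same fingerprint."""
    switches = set()
    for tok in event.cmdline.split()[1:]:
        if tok[:1] in "-/":
            switches.add(re.split(r"[:=]", tok, maxsplit=1)[0].lower())
    return (event.process,) + tuple(sorted(switches))

def score_event(event: Event, baselines: dict) -> Optional[Finding]:
    """Return a Finding for admin-tool use that deviates from the user's baseline."""
    if event.process not in ADMIN_TOOLS:
        return None
    base = baselines.get(event.user)
    signals = []
    if base is None:
        signals.append("no_baseline_for_user")
    else:
        if not (base.start_hour <= event.ts.hour < base.end_hour):
            signals.append("off_hours")            # odd hours
        if event.host not in base.hosts:
            signals.append("unusual_host")         # unusual workstation
        if fingerprint(event) not in base.fingerprints:
            signals.append("atypical_command")     # command shape never seen for this user
    if not signals:
        return None
    severity = {1: "low", 2: "medium"}.get(len(signals), "high")
    return Finding(event, tuple(signals), severity)

def scan(lines, baselines: dict) -> list:
    """Parse and score every line; only deviating admin-tool events are returned."""
    return [f for f in (score_event(parse_event(l), baselines) for l in lines) if f]

# Constructed baselines: an IT admin who routinely uses PowerShell/WMI, and an
# HR user with no history of admin-tool use at all.
BASELINES = {
    "asmith": Baseline(hosts=frozenset({"WS-IT-03", "WS-IT-04"}), start_hour=8, end_hour=18,
                       fingerprints=frozenset({("powershell.exe", "-noprofile"), ("wmic.exe",)})),
    "jdoe": Baseline(hosts=frozenset({"WS-HR-11"}), start_hour=9, end_hour=17,
                     fingerprints=frozenset()),
}

# Constructed sample events (the encoded payload is a placeholder string).
SAMPLE_LOG = [
    "2025-07-25T10:15:02 host=WS-IT-03 user=asmith proc=powershell.exe cmd=powershell.exe -NoProfile Get-Service",
    "2025-07-25T03:12:44 host=WS-FIN-07 user=asmith proc=powershell.exe cmd=powershell.exe -NoProfile -EncodedCommand BASE64PLACEHOLDER",
    "2025-07-25T14:30:10 host=WS-HR-11 user=jdoe proc=wmic.exe cmd=wmic.exe /node:SRV-DB-01 process list brief",
    "2025-07-25T22:05:00 host=WS-IT-04 user=asmith proc=wmic.exe cmd=wmic.exe os get caption",
    "2025-07-25T09:00:00 host=WS-HR-11 user=jdoe proc=winword.exe cmd=winword.exe report.docx",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG, BASELINES):
        print(f.severity.upper(), f.event.user, f.event.host, f.event.ts.isoformat(), f.signals)
```

Running the block reports the 03:12 PowerShell invocation from a finance workstation as high severity (off hours, unusual host and a command shape the admin has never used), while the admin’s late WMI query from their own machine and the HR user’s first-ever WMI call each surface as single-signal, low-severity findings for an analyst to triage. Because a user with an empty fingerprint baseline is flagged on any admin-tool use, the baseline set is where least-privilege decisions show up in detection: the fewer accounts that legitimately run these tools, the smaller the haystack.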
The ongoing confrontation over Salt Typhoon’s activities underscores the evolving landscape of cyber warfare, where the front lines are often managed by private tech companies. The call for greater data sharing between the private and public sectors is a clear signal that a unified defense is seen as the only viable path forward in protecting national security interests.
Source: https://go.theregister.com/feed/www.theregister.com/2025/07/25/senator_mandiant_salt_typhoon_demands/