CISA clocked Salt Typhoon in federal networks before telecom intrusions
Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.
January 17, 2025
The Cybersecurity and Infrastructure Security Agency spotted Salt Typhoon on federal networks before defenders discovered that the China-sponsored threat group had intruded into U.S. telecom systems, Director Jen Easterly said Wednesday.
CISA’s sleuthing “enabled law enforcement to unravel and ask for process on virtual private servers,” Easterly said during an onstage interview at the Foundation for Defense of Democracies. Details gathered from that investigation and response allowed CISA to discover Salt Typhoon and its activities, Easterly said.
The widespread compromise of U.S. telecom networks, spanning at least 9 companies, was part of a campaign that went undetected for months and has been underway for up to two years, U.S. officials said last month. Federal cyber authorities are still struggling to contain and determine the scope of damage caused by the sweeping attacks on critical infrastructure.
Easterly declined to say when or how CISA observed the malicious activity but noted it occurred before the agency understood it to be the threat group later designated as Salt Typhoon.
“We saw it as a separate campaign called another goofy name, and we were able to, based on the visibility that we had within the federal networks, to be able to connect some dots over two separate entities within the federal civilian executive branch,” Easterly said.
CISA’s observations didn’t prevent Salt Typhoon from attacking the telecom networks en masse, but Easterly presented the agency’s threat hunting and intelligence gathering capabilities as an example of intra-government and public-private collaboration improvements made under her stewardship of the agency.
Easterly is scheduled to step down as CISA director when President-elect Donald Trump takes office next week.
To read the complete article, visit Cybersecurity Dive.