Congressional staff emails hacked as part of Salt Typhoon campaign
Emails used by staff members of “powerful committees in the US House of Representatives” were allegedly breached.

- Salt Typhoon allegedly compromised emails of US House committee staffers on China, foreign affairs, and defense
- Scope of intrusion remains unclear; FBI and White House have not commented publicly
- Group is part of China’s “Typhoon” nexus, known for telecom breaches
Salt Typhoon, the infamous Chinese state-sponsored threat actor best known for its incursions into western telecommunications companies, was found snooping on western communications once again.
This time, they were allegedly seen compromising emails used by staff members of “powerful committees in the US House of Representatives”. Earlier this week, the Financial Times reported on the findings, citing people familiar with the matter, and saying the attackers accessed email systems used by some staffers on the House China committee.
Furthermore, aides on panels covering foreign affairs, intelligence, and the armed forces were also targeted. Specific names were not disclosed, though.
Who are Salt Typhoon?
What’s also left unclear is the scope of the incident and the depth to which the attackers managed to penetrate systems. Apparently, it is unclear if the attackers accessed emails of elected officials, or just the staffers.
The FBI and the White House have not commented on the reports just yet, while the spokesperson for the Chinese Embassy, Liu Pengyu, called them “unfounded speculation and accusations”.
Salt Typhoon is a Chinese state-sponsored threat actor, and a part of a wider nexus of “Typhoon” groups - including Brass Typhoon, Volt Typhoon, and Flax Typhoon. These groups are tasked with cyber-incursions that align with Chinese state interests - cyber-espionage, data theft, and persistent access to critical infrastructure.
In October last year, cybersecurity researchers Darktrace said they saw Salt Typhoon targeting communications networks in Europe, and before that, they were seen breaching at least eight US telcos, including T-Mobile, Verizon, AT&T, and Lumen Technologies. Officials said Salt Typhoon’s victims are located in dozens of countries around the world, with the group generally using stealthy techniques such as DLL sideloading and zero-day exploits.
Whenever similar news breaks, the Chinese deny all allegations vehemently, and instead point the finger at the US, describing them as the world’s biggest cyber-bully.
