The Consumer Financial Protection Bureau (CFPB), a U.S. government agency, has issued a warning to its employees advising them to restrict their cellphone usage for work-related matters. This directive comes in the wake of a cybersecurity breach of major telecommunication providers by a China-linked hacking group known as Salt Typhoon.
In an internal email sent on Thursday, the CFPB's chief information officer instructed staff to avoid conducting work-related conversations involving nonpublic data on both work-issued and personal phones. Instead, employees are encouraged to use secure platforms such as Microsoft Teams and Cisco WebEx for meetings and discussions.
The email emphasized, "Do NOT conduct CFPB work using mobile voice calls or text messages," referencing a recent government statement acknowledging the attack on telecommunications infrastructure. While there's no evidence that the CFPB has been directly targeted, the agency is taking precautionary measures to minimize potential risks.
Salt Typhoon, also known as FamousSparrow and GhostEmperor, is believed to be a state-sponsored hacking group with ties to China. In recent months, this group has successfully infiltrated several U.S. internet service providers as part of a cyber espionage campaign. Their primary objectives appear to be intelligence gathering and potentially carrying out disruptive cyberattacks.
Experts are currently investigating whether the hackers gained access to Cisco Systems routers, which are core components of ISP infrastructures. However, a Cisco spokeswoman stated that there is currently no indication of their routers being involved in the Salt Typhoon activity.
This recent campaign aligns with China's long-standing strategy of targeting global internet service providers. However, cybersecurity experts note a shift in Chinese nation-state actors' focus from merely stealing secrets to infiltrating critical U.S. infrastructure, potentially targeting the core of America's digital networks.
While Salt Typhoon's activities seem to be primarily focused on intelligence gathering, another China-linked group called Volt Typhoon has been associated with more disruptive attacks on infrastructure.
Chris Krebs from SentinelOne suggests that Salt Typhoon may be affiliated with China's Ministry of State Security, specifically the APT40 group known for intelligence collection. This group was publicly identified by the U.S. and its allies in July for its hacking activities.
As investigations continue, government agencies like the CFPB are taking proactive steps to protect sensitive information and reduce vulnerability to potential cyber threats. The situation underscores the growing importance of cybersecurity measures in an increasingly interconnected digital landscape.