FBI Asks for Help Tracking Chinese Salt Typhoon Actors

The FBI has appealed to the public for information which might help it to unmask the threat actors behind a notorious Chinese APT group.

Salt Typhoon (aka FamousSparrow, GhostEmperor, Earth Estries and UNC2286) is thought to be the work of China’s vast Ministry of State Security (MSS), and has been active since at least 2020.

It leapt to fame in November last year after a major intelligence gathering operation targeting US telecommunications companies was revealed by the authorities.

“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale,” the FBI said in its Public Service Announcement (PSA).

“This activity resulted in the theft of call data logs, a limited number of private communications involving identified victims, and the copying of select information subject to court-ordered US law enforcement requests.”

Read more on Chinese hacking: Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US

In October, Donald Trump’s presidential campaign was told that the phones of Trump and VP JD Vance, as well as staff members from Kamala Harris’s 2024 presidential campaign, may have been compromised in the hack.

“FBI maintains its commitment to protecting the US telecommunications sector and the individuals and organizations targeted by Salt Typhoon by identifying, mitigating, and disrupting Salt Typhoon’s malicious cyber activity,” the PSA continued.

“If you have any information about the individuals who comprise Salt Typhoon or other Salt Typhoon activity, we would particularly like to hear from you.”

Any actionable information could qualify for a $10m reward from the US Department of State’s Rewards for Justice (RFJ) program. This offers cash in exchange for information on foreign state-linked threat actors who target US critical infrastructure, in violation of the Computer Fraud and Abuse Act (CFAA).