Threat Intelligence Tarot
swords · 6
China (MSS-linked)
G1043 · ★★★★★ · risk 5/5
✦ The Wire ✦
Salt Typhoon
FamousSparrow · GhostEmperor · UNC2286 · Earth Estries
US telecoms · AT&T · Verizon · T-Mobile · Political campaigns · CALEA wiretap systems
Active since ~2019 · Telecommunications interception, Lawful intercept system access, Senior official surveillance
It did not hack phones. It hacked the systems that let the government legally tap phones - and then read everything. The Wire sat inside American telecommunications infrastructure for months, reading the communications of officials who believed they were using secure government intercept systems.
Tactics & Techniques
RCN · RDV · INI · EXC · PRS · PRV · EVA · CRD · DSC · LAT · COL · C2 · EXF · IMP
Notable Operations
- ◆ Breach of AT&T, Verizon, T-Mobile CALEA wiretap systems (2024)
- ◆ Access to US presidential campaign communications
- ◆ Over 8 US telecom companies compromised
- ◆ Called 'the worst telecom hack in US history' by officials
Defenses
- ▸ Network device firmware patching and hardening (Cisco, Juniper) (CIS Control 7)
- ▸ End-to-end encrypted communications for sensitive discussions (NIST SP 800-177)
- ▸ Zero-trust segmentation of telecom management interfaces (NIST CSF: PR.AC)
- ▸ Monitoring and access controls on lawful intercept infrastructure (CISA telecom guidance)
Reversed: Their Weakness
Salt Typhoon's access to CALEA intercept infrastructure was so significant it prompted the FBI to advise Americans to use end-to-end encrypted messaging - a remarkable public admission that the interception systems themselves could not be trusted.
Data sourced from MITRE ATT&CK. For educational purposes.