The US Federal Bureau of Investigation (FBI) has announced a reward of up to $10 million for information on the Chinese hacker group Salt Typhoon, which hacked the networks of leading US telecommunications companies in 2024. The bureau has also simplified the reception of anonymous messages through the dark web and the Signal messenger, hoping to attract informants in the conditions of strict internet censorship in China.
Image Source: Wesley Tingey / Unsplash
The group, believed to be acting on behalf of the Chinese government, has carried out a large-scale cyberespionage operation, attacking the networks of several American telecommunications companies. In addition to cash rewards, the FBI offers informants relocation assistance and other security measures. To receive information, the agency has opened a dark web site and set up a special line of communication via Signal.
Salt Typhoon, also known as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286, has been actively engaged in cyber espionage since 2019. The main goal of its operations is to collect strategically important information, including in preparation for possible future military conflicts. During its activities, Salt Typhoon has carried out numerous attacks against telecommunications companies around the world, including the United States.
One of the most widespread was the 2024 cyberattack, when hackers penetrated the networks of Verizon, AT&T, and Lumen/CenturyLink, gaining access to huge amounts of Internet traffic. The targets of the attack were the networks of Internet service providers serving both business clients and millions of private users in the United States. According to The Washington Post, as a result of the attacks, the attackers likely gained access to court-authorized wiretapping systems, although no direct evidence of this was found. The fact of possible penetration into these systems is confirmed by a statement from the FBI.
The investigation found that the hackers stole call logs, limited private correspondence, and data controlled by U.S. law enforcement agencies under subpoenas. The information could have been used to conduct espionage or to prepare for cyber operations against the U.S. and its allies.
In December 2024, former US President Joe Biden’s administration told reporters that Salt Typhoon attacks had affected telecom companies in dozens of countries, including eight US carriers, twice the scale of what had previously been reported. Officials noted that the attacks could have continued for one to two years, but they said there was no certainty that the attackers had been completely eliminated from the compromised networks.
According to data from analysts at Insikt Group, a division of Recorded Future, published in February 2025, Salt Typhoon activity continued. The attackers focused on attacks on Cisco network devices connected to the Internet. They used two vulnerabilities – CVE-2023-20198 and CVE-2023-20273, which indicates serious problems in the area of timely equipment updates among telecom operators.