
Business lessons from Salt Typhoon

Operational simplicity remains key for organizations to detect Salt Typhoon activity.


The cyber-espionage group ‘Salt Typhoon’ has been targeting ‘at least’ eight US telecom and telecom infrastructure firms, according to The Guardian. U.S. government agencies have held a classified briefing for the House of Representatives on Salt Typhoon. This was the largest intelligence compromise in US history, and it sparked a call to all U.S. citizens to switch to encrypted communications.

Providing insights on Salt Typhoon and how organizations can proactively defend against APTs for Digital Journal is Renuka Nadkarni, Chief Product Officer at Aryaka.

Nadkarni explains why the recent incident carries potential concerns for businesses: “Events like Salt Typhoon underscore how enterprises and users remain susceptible to breaches due to dependencies on external infrastructure. As distributed applications increasingly rely on public clouds, SaaS, and global service providers for computing, storage, and networking, organizations face expanding attack surfaces outside of their control. Breaches become a matter of ‘when’ not ‘if.’”

There are structural reasons why vulnerabilities occur, linked to organizational setup and culture. Here Nadkarni reasons: “Many organizations rely on fragmented solutions from various vendors, leading to a lack of integration and limited visibility across their infrastructure, making it challenging to detect hidden malware. There is a lack of visibility due to complex environments such as sprawling IT systems with numerous endpoints, servers, and cloud integrations, which makes monitoring harder. Many organizations don’t log enough data or retain it long enough to trace the full extent of the compromise.”

As a solution, streamlining is key. Nadkarni thinks: “Operational simplicity remains key for organizations to detect Salt Typhoon activity. These processes can become burdensome and difficult to sustain. Establishing clear roles and responsibilities for managing security policies and procedures is essential to maintaining an effective and manageable defence.”

There are other measures that can be taken. Nadkarni recommends: “In addition to the guidance released by the FBI and CISA, organizations should adopt a zero-trust architecture that requires authentication and authorization for every access request, to help limit lateral movement and minimize the impact of a breach.”

Furthermore, Nadkarni proposes: “Additionally, organizations should prioritize threat hunting by monitoring known APT-related indicators of compromise (IOCs) and indicators of attack (IOAs). By utilizing network segmentation and AI-driven automation, organizations can quickly detect, triage, and respond to APT activity.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
