US Identifies Chinese Firm Behind Salt Typhoon Hacks on Telecom Networks

A little-known Chinese cybersecurity company is allegedly behind “Salt Typhoon,” the Chinese hacking group blamed for infiltrating numerous telecommunications providers.

On Friday, the US State Department sanctioned Sichuan Juxinhe Network Technology Co. and a Shanghai resident, Yin Kecheng, who allegedly orchestrated last month’s hack of the US Treasury Department. The US accuses Yin of being an affiliate of China’s Ministry of State Security, which conducts foreign espionage. 

The US did not say how it linked Yin and Sichuan Juxinhe to the hacking activities. For now, the Treasury Department only says that Sichuan Juxinhe had “direct involvement” in the Salt Typhoon cyber group and “in the exploitation of these US telecommunication and internet service provider companies.”

China’s Ministry of State Security “has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe,” the Treasury Department added. 

Meanwhile, The Washington Post reports Yin infiltrated the Treasury Department by hacking BeyondTrust, an identity management security provider.

The sanctions are the outgoing Biden administration’s final attempt to stop the Salt Typhoon hacks, which have ensnared at least nine US telecommunication companies, including AT&T and Verizon. The Chinese state-sponsored hackers potentially gained access two years ago, enabling them to intercept phone calls from prominent US politicians, including incoming President Trump. 

The Salt Typhoon hacks have been described as perhaps the worst in US history, partly because the Chinese cyberspies might still be lurking in US networks, thanks to outdated equipment and existing software flaws. But AT&T and Verizon reported last month that they no longer see Salt Typhoon activity in their networks.

In the meantime, the US sanctions will prohibit people and companies from conducting business with both Sichuan Juxinhe and Yin, unless a license has been granted. “Violations of US sanctions may result in the imposition of civil or criminal penalties on US and foreign persons,” the Treasury Department warned. 

The State Department has also issued up to $10 million for any information that could lead to the identification or location of state-sponsored hackers targeting US critical infrastructure.

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan