CFPB Advises Employees to Limit Phone Use Following Salt Typhoon Hack

November 10, 2024

In the wake of a significant breach by the China-connected Advanced Persistent Threat (APT) group known as Salt Typhoon, the U.S. Consumer Financial Protection Bureau (CFPB) has instructed its employees to limit the use of their cellphones for work-related matters. The CFPB, established in 2011, is a U.S. government agency that ensures consumer protection in the financial sector by promoting fair, transparent, and competitive financial markets.

The agency has recommended that its employees minimize their phone usage and instead use platforms like Microsoft Teams and Cisco WebEx for any meetings or conversations involving non-public data. According to the Wall Street Journal, the CFPB's Chief Information Officer sent an email to the staff stating, “Do NOT conduct CFPB work using mobile voice calls or text messages,” in reference to a recent government statement acknowledging the telecommunications infrastructure attack.

The email further stated, “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised.” This precautionary directive was sent to all CFPB employees and contractors.

The Salt Typhoon APT group, also known as FamousSparrow and GhostEmperor, has been linked to several breaches of U.S. internet service providers in recent months as part of a cyber espionage campaign. The campaign, aimed at gathering intelligence or executing disruptive cyberattacks, is believed to be state-sponsored.

Investigations are underway to determine if the attackers obtained access to core network components of the ISP infrastructures, specifically Cisco Systems routers. A spokesperson from Cisco confirmed the ongoing investigation, stating, “at this time, there is no indication that Cisco routers are involved” in the Salt Typhoon activity.

Intelligence and cybersecurity experts warn that Chinese nation-state actors have transitioned from stealing secrets to infiltrating critical U.S. infrastructure, indicating their focus on the core of America’s digital networks. The Salt Typhoon hacking campaign, linked to China, is believed to be more focused on intelligence gathering than on crippling infrastructure.

Chris Krebs from SentinelOne suggested that the group behind Salt Typhoon may be affiliated with China’s Ministry of State Security, specifically the APT40 group, which specializes in intelligence collection. This group was publicly called out by the U.S. and its allies for hacking activities in July.

In July, Cisco addressed an actively exploited NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. Sygnia, a cybersecurity firm, identified and reported the attacks in April 2024.

In August, researchers from Volexity reported that a China-linked APT group, known as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations.
