Viasat Targeted in Cyberattack by Salt Typhoon APT Group

Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon.

The breach, which occurred during the 2024 U.S. presidential campaign, was discovered earlier this year and highlights the growing threat posed by advanced persistent threat (APT) actors targeting critical American infrastructure.

Scope and Discovery of the Breach

According to a report, Viasat’s systems were infiltrated by Salt Typhoon as part of a broader operation that also compromised major telecommunications firms such as Verizon, AT&T, and Lumen Technologies. 

The group, which U.S. officials say has been active since at least 2020, is known for its sophisticated surveillance tactics, including the ability to geolocate millions of individuals and intercept phone calls at will.

Viasat, headquartered in California, provides satellite broadband not only to residential customers but also to commercial sectors, including aviation, maritime, and government, making it a particularly attractive target for foreign intelligence operations. 

The company confirmed the breach, stating that the unauthorized access was traced to a compromised device.

After a thorough investigation with independent cybersecurity partners and government authorities, Viasat reported no evidence of customer data impact and believes the incident has been remediated.

Implications and Government Response

The Salt Typhoon campaign is considered one of the broadest and most sophisticated hacks attributed to Chinese state-affiliated attackers.

It reportedly swept up tens of millions of phone records, including those of then-presidential candidate Donald Trump and members of both major campaigns. 

The operation also enabled hackers to access tools used by U.S. law enforcement for surveillance, raising concerns about national security and the integrity of sensitive communications.

The Federal Bureau of Investigation (FBI) has been actively working with affected companies. Brett Leatherman, the new head of the FBI’s cyber division, acknowledged the scale of the operation but declined to confirm specific victims.

He noted that while much of Salt Typhoon’s activity appears historical, the group’s advanced anti-forensic techniques mean they could remain undetected in some networks.

Despite Viasat’s assurances that the breach has been contained, federal agencies caution that Salt Typhoon’s presence may still linger in compromised systems.

The group’s ability to evade detection for extended periods underscores the persistent risk to U.S. critical infrastructure. China has repeatedly denied involvement, dismissing the allegations as disinformation.

This incident adds to Viasat’s history of being targeted by nation-state actors, following a separate cyberattack linked to Russia in 2022.

As investigations continue, the Viasat breach serves as a stark reminder of the escalating cyber threats facing U.S. communications networks in an era of geopolitical rivalry.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates