All news with #salt typhoon tag

FCC Reversal Removes Telecom Cybersecurity Mandates

⚠ The FCC has reversed its January 2025 Declaratory Ruling that required US telecom providers to adopt and annually certify stricter cybersecurity controls under CALEA. The agency said the earlier order was misconstrued and unlawful, citing recent engagements with carriers and targeted actions instead of prescriptive mandates. Critics, including FCC Commissioner Anna Gomez and security experts, warn the rollback could leave critical infrastructure more exposed after the Salt Typhoon attacks.

FCC Reverses Telco Cybersecurity Mandate After Salt Typhoon

🔒 The FCC has rescinded a January 2025 declaratory ruling under CALEA that would have required telecom carriers to adopt formal cybersecurity risk-management plans, submit annual certifications, and treat network cybersecurity as a legal obligation after the Salt Typhoon intrusions. The agency, now led by new commissioners, also withdrew the accompanying NPRM, calling the prior approach inflexible and legally flawed. Carriers say they have strengthened defenses and agreed to continued coordination, while critics warn that relying on voluntary measures risks leaving national communications infrastructure exposed.

Nation-state Hackers Breach Ribbon Communications' Network

🔒 In a filing with the SEC, Ribbon Communications disclosed that unauthorized actors, reportedly tied to a nation-state, had access to its IT network, with initial intrusion activity traced as far back as December 2024. The company detected the breach in September 2025, has worked to terminate access, and is collaborating with third-party cybersecurity experts and federal law enforcement. Ribbon says it has not yet found evidence of material corporate data theft, although attackers accessed customer files on two laptops outside the main network.

45 Previously Unreported Domains Linked to Salt Typhoon

🔍 Silent Push researchers have identified 45 previously unreported domains tied to China-linked threat clusters Salt Typhoon and UNC4841, with registrations dating as far back as May 2020. The infrastructure shows overlap with UNC4841, the group associated with exploitation of a Barracuda ESG zero‑day (CVE-2023-2868). Investigators discovered three Proton Mail addresses used to register 16 domains with fabricated contact details and found many domains resolving to high‑density IP addresses. Organizations are urged to search five years of DNS logs and audit requests to the listed IPs and subdomains.