Uncovering Salt Typhoon: Insights from Outgoing CISA Director Jen Easterly

On January 16, 2025, during a pivotal discussion at the Foundation for Defense of Democracies, Jen Easterly, the outgoing Director of the Cybersecurity and Infrastructure Security Agency (CISA), revealed alarming insights regarding the China-sponsored threat group known as Salt Typhoon. Although Easterly refrained from specifying which U.S. agencies were impacted or the exact timeline of the breaches, she emphasized that CISA's vigilant monitoring had significantly increased visibility into the ongoing cyber campaign.
The Discovery of Salt Typhoon
Easterly detailed how CISA’s proactive measures allowed federal networks to identify Salt Typhoon prior to its recognition as a sophisticated threat. The agency employed advanced threat-hunting techniques, enabling law enforcement to investigate malicious activities tied to virtual private servers utilized by the attackers. “We saw it as a separate campaign called another goofy name,” she noted, highlighting the importance of thorough and multifaceted surveillance in the early detection of cybersecurity threats.
The infiltration of U.S. telecom networks, affecting at least nine companies, represents a troubling trend in cybersecurity. Officials have indicated that this campaign, which has been ongoing for months—potentially up to two years—went largely undetected until recent discoveries by CISA and its partners. The magnitude of the compromise poses significant challenges for federal cybersecurity authorities as they work to assess and rectify the impact on critical infrastructure.
Progress in Collaboration
Despite the troubling nature of these revelations, Easterly expressed optimism regarding the advancements made in inter-agency collaboration. She characterized the current cooperation between CISA, the FBI, the intelligence community, and private sector partners as “almost seamless.” This contrasts sharply with the past, where information sharing among these entities was often hindered by a “tribal” mentality.
The insights gathered by CISA’s threat-hunting teams were vital, enabling law enforcement to gain crucial access to data that illuminated the scope of the Salt Typhoon campaign. Easterly shared that these efforts not only improved the visibility of the threat but also facilitated the provision of technical assistance to known or suspected victims in the private sector.
“Through collaborative efforts, we are identifying threats earlier, and we are driving down risk by remediating and mitigating very aggressively,” she stated.
Continued Vigilance Required
While CISA has made commendable strides in addressing threats posed by Chinese government-sponsored intrusions, Easterly warned that the danger remains imminent. She noted that current findings represent “just the tip of the iceberg,” and federal officials lack complete visibility into the full scale of the threat. Salt Typhoon is one among several active cyber threat groups backed by the Chinese government, with another group, Volt Typhoon, already having infiltrated various critical systems, including transportation, energy, and water resources.
Easterly stressed that these groups are poised for potential disruption, particularly in the event of conflict in the Asia-Pacific region, hinting at the possibility of widespread attacks that could affect “everything, everywhere, all at once.” The implications of such aggressive cyber activities underscore the need for continued vigilance and proactive defense strategies.
Looking Forward
As Easterly prepares to depart CISA next week with the inauguration of President-elect Donald Trump, she highlighted the transformational progress made within the agency under her leadership. However, she acknowledged that challenges remain, particularly regarding the security of software provided by third-party vendors.
“Are we still going to have issues like what we saw in Treasury? Yes, we will,” she reflected. Yet, her confidence in the growing capabilities of federal cyber defenses offers a beacon of hope in an increasingly complex threat landscape. With enhanced detection, collaborative response, and a commitment to securing critical infrastructure, the U.S. is better positioned than ever to confront the evolving challenges of cyber warfare.