The Cybersecurity and Infrastructure Security Agency (CISA) released guidance today to protect “highly targeted” individuals – senior government and political officials – against the cyber espionage activity of Salt Typhoon.
The China-sponsored Salt Typhoon hacks of U.S.-based carriers including AT&T, Verizon, and Lumen – and as many as eight providers in all – were disclosed in October.
“This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals,” the agency said. CISA confirmed earlier this month that they have failed to fully evict the Chinese hackers from the networks.
CISA is urging highly targeted individuals to immediately apply the best practices it released today to protect mobile communications.
The guidance lists eight general best practices for all devices:
- Only using end-to-end encrypted communications;
- Enabling Fast Identity Online (FIDO) phishing-resistant authentication;
- Migrating away from Short Message Service (SMS)-based multi-factor authentication (MFA);
- Using a password manager;
- Setting a Telco PIN;
- Regularly updating software;
- Opting for the latest hardware version from your cell phone manufacturer; and
- Not using a personal virtual private network (VPN).
The guidance also includes recommendations specific to the settings of iPhones and of Android devices.
“Highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and internet services are at risk of interception or manipulation,” the guidance says. “While no single solution eliminates all risks, implementing these best practices significantly enhances protection of sensitive communications against government-affiliated and other malicious cyber actors.”