The advanced persistent threat (APT) group Salt Typhoon, linked to China, has expanded its campaign of cyberattacks across multiple industries worldwide, raising alarms about the security of critical infrastructure. A recent advisory issued jointly by 13 national cybersecurity authorities reports that Salt Typhoon is targeting backbone routers of telecom providers, as well as provider edge (PE) and customer edge (CE) routers, to infiltrate sensitive networks.
Once routers are compromised, the attackers leverage trusted connections to pivot deeper into targeted organizations. By modifying router configurations, they establish long-term, stealthy access that is difficult to detect. This persistence not only enables surveillance and data theft but could also be used to disrupt essential services. The group’s activity has been tied to three Chinese companies: Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd.
While the campaign has prominently impacted telecommunications, government, and transportation, the tactics used by Salt Typhoon have direct implications for healthcare networks. Healthcare organizations depend heavily on secure, high-availability connectivity to run electronic medical records, telemedicine platforms, and connected medical devices. A router compromise in such environments could expose sensitive patient data, disrupt clinical operations, or interfere with care delivery.
This development underscores the broader trend of APT groups exploiting overlooked infrastructure components like routers, which often lack the same monitoring and patching rigor as servers or endpoints. For healthcare providers already balancing regulatory compliance with limited IT resources, this presents a critical security challenge.
Healthcare organizations should treat networking equipment—especially edge and backbone routers—as critical assets. Regular patching, router configuration audits, and network segmentation can reduce exposure. Beyond that, investing in intrusion detection for medical networks and practicing zero-trust principles will help safeguard patient data and ensure continuity of care against state-backed cyber campaigns.
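The router configuration audit recommended above can be made concrete as a drift check: keep a known-good snapshot of each router's running configuration off-box, pull a fresh copy on a schedule, and flag every line that was added or removed, grouped by the kind of setting it touches. The following Python script is an added example and is not code from the advisory or from any vendor tool; the two IOS-style configurations embedded in it are constructed samples, and the risk categories (local accounts, tunnel interfaces, SNMP communities, ACL entries, logging, management-plane transport, AAA) are this example's own choice of what a reviewer would want surfaced first.

```python
"""Router configuration drift audit (added example, not from the advisory)."""
import re
from dataclasses import dataclass

# Constructed sample: a known-good baseline snapshot stored off-box.
BASELINE_CONFIG = """\
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 REDACTED-HASH
logging host 10.0.0.50
snmp-server community mon-ro RO 10
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 transport input ssh
"""

# Constructed sample: a later snapshot with changes that merit review.
CURRENT_CONFIG = """\
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 REDACTED-HASH
username svc-backup privilege 15 secret 9 REDACTED-HASH
snmp-server community mon-ro RW 10
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
interface Tunnel100
 ip address 10.255.255.1 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 203.0.113.7
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp host 203.0.113.7 any eq 22
 deny ip any any
line vty 0 4
 transport input ssh telnet
"""

# Assumed risk categories; first matching pattern (on the line or its parent block) wins.
RISK_PATTERNS = [
    ("local-account", re.compile(r"^username\s")),
    ("tunnel", re.compile(r"^(interface Tunnel|tunnel\s)")),
    ("snmp", re.compile(r"^snmp-server\s")),
    ("acl", re.compile(r"^(ip access-list|permit\s|deny\s)")),
    ("logging", re.compile(r"^logging\s")),
    ("management-access", re.compile(r"^transport input\s")),
    ("aaa", re.compile(r"^aaa\s")),
]


@dataclass(frozen=True)
class Finding:
    change: str     # "added" or "removed" relative to the baseline
    category: str   # one of RISK_PATTERNS' names, or "other"
    context: str    # enclosing block header ("" for a top-level line)
    line: str


def parse_config(text):
    """Flatten an indented config into (block header, line) pairs so that a
    sub-command is compared within its interface/ACL/line block, not globally."""
    entries, context = [], ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and comment lines
        if raw[0].isspace():
            entries.append((context, raw.strip()))
        else:
            context = raw.strip()
            entries.append(("", context))
    return entries


def classify(context, line):
    for category, pattern in RISK_PATTERNS:
        if pattern.match(line) or (context and pattern.match(context)):
            return category
    return "other"


def audit(baseline_text, current_text):
    """Return every added or removed entry, in document order, with its category."""
    baseline, current = parse_config(baseline_text), parse_config(current_text)
    baseline_set, current_set = set(baseline), set(current)
    findings = [Finding("added", classify(c, l), c, l) for c, l in current if (c, l) not in baseline_set]
    findings += [Finding("removed", classify(c, l), c, l) for c, l in baseline if (c, l) not in current_set]
    return findings


def summarize(findings):
    """Count findings per category so a reviewer sees which areas drifted most."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(BASELINE_CONFIG, CURRENT_CONFIG)
    for f in results:
        where = f"[{f.context}] " if f.context else ""
        print(f"{f.change:7} {f.category:18} {where}{f.line}")
    print("summary:", summarize(results))
```

Two design choices matter in practice. The baseline must come from a copy the router cannot rewrite (a version-controlled store fed by the configuration management system), since a device whose configuration an attacker controls cannot be trusted to report its own history. And the comparison is keyed on the enclosing block, so a new `permit` inside an existing management ACL or a changed `transport input` on the VTY lines is reported with its context rather than as an anonymous line; in the constructed sample this surfaces a new privileged local account, a new tunnel interface, an SNMP community flipped to read-write, a widened management ACL, removed syslog forwarding, and telnet enabled on the VTY lines.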