China’s Salt Typhoon hackers broke into Norwegian companies

The Norwegian Intelligence Service (PST) and the Norwegian National Security Authority officially accused the Chinese state-sponsored hacking collective known as Salt Typhoon of conducting a sophisticated cyberespionage campaign against multiple domestic organizations throughout 2024. The attribution, announced in Oslo this week, identifies the group as the primary actor behind a series of breaches targeting critical infrastructure and government-linked contractors. Norwegian officials stated that the motive behind these digital incursions was the systematic theft of sensitive political and technological data to bolster China's strategic interests in the Nordic region. Salt Typhoon, which is also tracked by cybersecurity researchers under aliases such as FamousSparrow and GhostEmperor, has gained international notoriety for its high-level persistence and ability to remain undetected within foreign networks for extended periods. In the Norwegian case, investigators discovered that the hackers utilized advanced malware to gain unauthorized access to internal communications and proprietary databases. The breach is particularly concerning for the Norwegian government, as it marks an escalation in foreign interference targeting the country's sovereign data and its burgeoning technology sector. This incident follows a broader global trend of increased activity by the Salt Typhoon group, which has recently been linked to major security breaches in the United States and other Western nations, primarily focusing on telecommunications and government service providers. By targeting Norway, the group appears to be seeking intelligence related to the country's energy policies, maritime technology, and its position within NATO. The Norwegian government has briefed private sector leaders on the threat, urging heightened vigilance and the adoption of more robust encryption standards to mitigate future risks from state-aligned actors.