Chinese Cyber Espionage Group ‘Salt Typhoon’ Infiltrates Norwegian Organizations
In a recent development, the Norwegian government has accused the Chinese-backed hacking group known as ‘Salt Typhoon’ of infiltrating multiple organizations within the country. The Norwegian Police Security Service (PST) released a report on Friday detailing these cyber intrusions, attributing them to a group believed to be operating under the auspices of the Chinese government. The hackers reportedly exploited vulnerabilities in network devices to conduct espionage activities.
This incident places Norway among a growing list of nations targeted by Salt Typhoon. Senior U.S. national security officials have previously described the group as an epoch-defining threat due to its persistent and covert cyber operations. Over the years, Salt Typhoon has systematically breached critical infrastructure networks worldwide, including telecommunications providers in Canada and the United States. In these instances, the group allegedly intercepted communications of high-ranking politicians, prompting telecom companies to bolster their security measures.
The PST’s report did not disclose specific details about the recent hacking campaign in Norway. When approached for comments, a spokesperson for Norway’s embassy in the U.S. did not provide an immediate response.
Background on Salt Typhoon:
Salt Typhoon has been active for several years, orchestrating sophisticated cyber espionage campaigns targeting various sectors globally. Their modus operandi often involves exploiting vulnerabilities in network devices to gain unauthorized access and siphon sensitive information.
In August 2025, the FBI revealed that Salt Typhoon had compromised at least 200 U.S. companies, extending their reach to organizations in 80 countries. The hackers focused on intercepting call records of senior American politicians and officials, enabling them to map communication patterns and monitor U.S. surveillance activities. The severity of these breaches led the FBI to advise Americans to adopt encrypted messaging applications to safeguard their communications.
Despite sanctions imposed by the U.S. government in January 2025 against entities linked to Salt Typhoon, the group continued its cyber activities. Security researchers observed the hackers breaching five telecommunications firms between December 2024 and January 2025, including companies in the U.S., Italy, South Africa, and Thailand. The group exploited specific vulnerabilities in unpatched Cisco devices running IOS XE software to carry out these attacks.
Implications for Norway:
The infiltration of Norwegian organizations by Salt Typhoon underscores the persistent and evolving nature of cyber threats posed by state-sponsored actors. For Norway, this breach highlights the critical need to enhance cybersecurity measures across both public and private sectors. Organizations are urged to conduct thorough security assessments, patch known vulnerabilities promptly, and implement robust monitoring systems to detect and mitigate potential intrusions.
Furthermore, this incident emphasizes the importance of international collaboration in addressing cyber threats. Sharing intelligence, best practices, and coordinated responses can significantly bolster global cybersecurity resilience against sophisticated adversaries like Salt Typhoon.
Conclusion:
The recent cyber intrusions attributed to Salt Typhoon serve as a stark reminder of the ongoing challenges in the cybersecurity landscape. As state-sponsored hacking groups continue to evolve their tactics, it is imperative for nations and organizations to remain vigilant, invest in robust cybersecurity infrastructures, and foster international cooperation to effectively counter such threats.
