A growing concern: Chinese cyberattacks on the US have surged in recent years, targeting critical infrastructure, government systems, and private corporations. These sophisticated campaigns often aim to steal sensitive data, conduct espionage, and disrupt operations, posing significant threats to national security and economic stability.
On Wednesday, the US government confirmed that Chinese hackers breached several US telecommunications service providers. The threat actors compromised wiretap systems used for law enforcement surveillance. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a statement describing the campaign as "broad and significant," implicating a state-sponsored hacking group from the People's Republic of China (PRC).
The attackers infiltrated wiretap systems, raising severe national security and privacy concerns. While the FBI and CISA did not list specific providers, the Wall Street Journal reported in early October that AT&T, Verizon, and Lumen Technologies were among the carriers the hackers hit. The intrusions, which may have lasted for months, enabled the exfiltration of sensitive data, including customer call records and the internet traffic of millions of Americans.
The hackers, identified as "Salt Typhoon." It is part of a larger colective called "Typhoon," which has several splinter cells, including Volt Typhoon and Flax Typhoon. Salt reportedly exploited vulnerabilities in the telecommunications networks to gather intelligence. While the bad actors presumably had carte blanche access to the systems, US officials said the compromised data only included private communications from a limited number of individuals, primarily those involved in government or political activities.
Manufacturers of networking and phone gear must follow specific standards for 'lawful interception' in different jurisdictions (e.g. CALEA & ETSI's standards)
– John Scott-Railton (@jsrailton) October 5, 2024
But as we learn time & time again, the scope of potential access & harm almost never matched by efforts to detect &... pic.twitter.com/on0jvueszo
Although the agencies were reluctant to name names, CNN reported in the lead-up to the US presidential election that high-profile individuals, including President Donald Trump and running mate Senator JD Vance, may have been targeted as part of the hacking campaign. The hackers also copied information related to US law enforcement requests, potentially undermining critical ongoing investigations.
The CISA and the FBI emphasized that they continue to assist affected companies and encourage other organizations to report suspicious activity.
"[We] continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector," the agencies stated. "We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA."
TechCrunch notes that the breach is the latest in a series of sophisticated cyberattacks attributed to China-linked "Typhoon" hacking groups targeting critical US infrastructure. Experts warn that the campaign demonstrates heightened strategic targeting by PRC-affiliated actors, who increasingly focus on sensitive government and communications systems.
China has denied involvement, with a spokesperson stating that the country "opposes cyberattacks in all forms." However, US officials and cybersecurity experts remain vigilant, warning of the potential for further espionage and disruptive activities.
US officials confirm Chinese hackers had access to law enforcement wiretap systems for months
