Chinese hackers with ties to the PRC recently infiltrated several major U.S. telecommunications networks, tapping into sensitive communication systems that law enforcement uses for wiretapping. This breach, part of a larger cyber-espionage campaign, allowed the hackers to gather extensive customer data, including call logs and possibly even some court-requested information from wiretaps.
The hackers operated under the name "Salt Typhoon" and evaded detection for a long time; PoliceMag reports that the unauthorized access lasted months or even longer.
The FBI and CISA released a statement saying this breach targeted both individuals and infrastructure tied to government or political activities. Although they didn't reveal exact details, some telecom giants, including AT&T, Verizon, and Lumen, are believed to be among the impacted providers, according to The Wall Street Journal.
This is not the first time that Chinese hackers have targeted the US government in an attempt to steal documents, emails, and passwords. Officials are now working to assess the full scope of the breach and to stop Salt Typhoon from exploiting the compromised systems further, especially as more details surface.
The joint statement from the FBI and CISA emphasizes the seriousness of the attack. They confirm that Chinese actors stole data related to call records, hacked into private communications, and may have accessed data connected to law enforcement. Their statement reads:
The U.S. government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.
Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector. We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.
The breach reflects the Chinese hackers’ strategy of targeting critical infrastructure to collect intelligence on a large scale. For instance, even Canada reported similar hacking attempts around the same time, with scanning activities targeting government systems and democratic institutions, though actual breaches were limited to the U.S. The FBI and CISA encourage any company that suspects a breach to contact them for help with protective measures.
Via: TechCrunch