Introduction
The following report outlines a significant cyber espionage campaign orchestrated by Chinese threat actors, specifically the group known as Salt Typhoon [5], targeting US telecommunications and internet service providers [6]. This campaign has resulted in unauthorized access to sensitive information and critical communication systems, with implications for national security and privacy.
Description
Chinese threat actors affiliated with the People’s Republic of China (PRC) [3] [8], specifically the group known as Salt Typhoon [5], have breached the networks of multiple US telecommunications and internet service providers [6], including AT&T [2] [5], Lumen Technologies [5] [6], and Verizon [2] [5], as part of a significant cyber espionage campaign [2] [6]. A federal investigation has revealed that these hackers compromised the networks to steal sensitive information about American government and political personnel, accessing extensive customer data [8], including call logs and private communications of individuals involved in government activities [1] [3] [4] [6] [8].
Reports indicate that the hackers had unauthorized access to critical communication systems used by law enforcement for wiretapping, and that this access reportedly lasted for months [8]. Notably, these wiretap systems were allegedly used to spy on the communications of individuals affiliated with the electoral campaigns of Vice President Kamala Harris and President-elect Donald Trump [6].
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory detailing the extensive compromise of networks by PRC-affiliated actors, confirming that the hackers had prolonged access to these systems. This breach also included unauthorized access to a US wiretap system used for court-ordered requests, indicating an interest in programs under the Foreign Intelligence Surveillance Act (FISA) [7], although specific names of affected individuals were not disclosed.
In late September 2024 [5], reconnaissance scans conducted by Salt Typhoon targeted several US internet service providers, potentially facilitating future attacks. The group may have harvested data from numerous businesses and millions of Americans. Additionally, Salt Typhoon has extended its operations to Canadian organizations, conducting reconnaissance across various sectors [5], including government [1] [2] [3] [4] [5] [6] [7] [8], critical infrastructure [5] [6] [8], defense [3] [4] [5] [6], media [5], think tanks [5], and NGOs [5].
Recent high-profile hacking incidents linked to China also include the disruption of a large operation known as Flax Typhoon [4], which involved malicious software on over 200,000 consumer devices [4], creating a botnet for further cybercrime [4].
The FBI and CISA are actively investigating these breaches and collaborating with the telecommunications industry and victims to enhance defenses against ongoing cyber espionage efforts. They encourage organizations that suspect they may be victims to contact their local FBI offices or CISA [2] [3] [5]. While China has denied allegations of engaging in cyber espionage against Americans [4], the FBI and CISA anticipate that their understanding of these compromises will expand as investigations progress [6], and they remain committed to providing technical assistance and sharing information to help potential victims strengthen their cyber defenses [6].
Conclusion
The cyber espionage activities conducted by Salt Typhoon underscore the persistent threat posed by state-sponsored hacking groups to national security and privacy. The breaches have highlighted vulnerabilities within critical communication infrastructures, necessitating enhanced cybersecurity measures and international cooperation. As investigations continue, the FBI and CISA are dedicated to mitigating the impacts of these intrusions and preventing future incidents. Organizations are urged to remain vigilant and proactive in safeguarding their networks against such sophisticated cyber threats.
References
[1] https://www.infosecurity-magazine.com/news/telecom-hack-exposes-us-officials/
[2] https://techcrunch.com/2024/11/14/us-confirms-china-backed-hackers-breached-telecom-providers-to-steal-wiretap-data/
[3] https://www.yahoo.com/news/tech/fbi-cisa-chinese-hackers-breached-234900129.html
[4] https://www.nbcnewyork.com/news/national-international/fbi-uncovers-china-hackers-spying-network-targetting-us-telecommunication/5982866/
[5] https://www.techradar.com/pro/fbi-confirms-chinese-hackers-accessed-us-government-official-devices-networks
[6] https://www.helpnetsecurity.com/2024/11/14/cyber-espionage-telecommunications-us/
[7] https://www.aljazeera.com/news/2024/11/14/us-says-china-linked-hackers-behind-significant-cyberespionage-campaign
[8] https://www.neowin.net/news/fbi-confirms-chinese-hackers-breached-us-telecom-giants-for-wiretap-data-theft/