Critical Infrastructure Security
,
Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
US Probe of Chinese Hack Reveals ‘Broad and Significant Cyberespionage Campaign’
The U.S. investigation into Chinese hacking of commercial telecom infrastructure uncovered a “broad and significant cyberespionage campaign” targeting private communications of government and political figures, the FBI and top cyber defense agency warned in a joint statement.
An ongoing probe has revealed that threat actors affiliated with Beijing “have compromised networks at multiple telecommunications companies” as part of an effort to steal customer call records and copy sensitive information used in law enforcement requests. Reports previously attributed the espionage campaign to Salt Typhoon, an advanced persistent threat group linked to China’s foreign intelligence service, which targeted systems handling court-authorized wiretaps (see: Feds Probe Chinese ‘Salt Typhoon’ Hack of Major Telcos).
The CISA and FBI said they are offering technical support to a “limited number of individuals primarily involved in government or political activity” who were targeted in the hacking campaign.
“We expect our understanding of these compromises to grow as the investigation continues,” the statement added.
The CISA and FBI have not publicly identified the individuals targeted in the hacking campaign. Reports have suggested that Chinese threat actors attempted to exfiltrate data from campaign phones used by President-elect Donald Trump and Vice President-elect JD Vance (see: Chinese Hackers Reportedly Targeted Trump, Vance Phones).
It remains unclear whether the hacking campaign successfully stole records from the Trump campaign. A bipartisan group of lawmakers sent letters to AT&T, Verizon and Lumen in October demanding information about the hacking and adding that the potential breaches were “extremely alarming for both economic and national security reasons” (see: Congress Seeks Urgent Action After Chinese Telecom Hack).
“Chinese hackers potentially accessed vulnerable information including court-authorized network wiretapping requests and internet traffic,” wrote House Energy and Commerce Committee Chair Cathy McMorris Rodgers, R-Wash.; Ranking Member Frank Pallone, Jr., D-N.J.; Communications and Technology Subcommittee Chair Bob Latta, R-Ohio; and Ranking Member Doris Matsui, D-Calif. “In an age where Americans rely heavily on your services for communication and connectivity, the integrity of your networks is paramount.”
Both the CISA and FBI did not immediately respond to requests for comment.