Official agencies confirmed that Chinese hackers have compromised the private communications of a limited number of U.S. government officials. The attackers infiltrated multiple U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies.
The breach was attributed to the hacking group known as Salt Typhoon (aka Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) and has far-reaching implications for the telecommunications sector and the broader cybersecurity landscape, according to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
Not only did the attackers gain unauthorized access to sensitive government communications, but they also stole customer call records and information related to U.S. law enforcement requests.
According to a joint statement by CISA and the FBI, the attackers leveraged their access to gather extensive data from the compromised networks. The breach likely lasted "months or longer," enabling the hackers to collect vast amounts of internet traffic across wide-reaching networks.
Reports indicate that Salt Typhoon had access to U.S. federal government systems used for court-authorized network wiretapping requests.
In a related development, Canada revealed last month that China-backed threat actors conducted broad network scans targeting Canadian government agencies and departments, as well as other crucial sectors like media organizations and critical infrastructure.
Salt Typhoon, which has been active since at least 2019, is known for its focus on breaching government and telecommunication entities in Southeast Asia. The group is now linked to these recent breaches in North America.
In parallel, Chinese government-backed cyber espionage group Volt Typhoon has been identified in similar infiltration activities involving internet service providers in the United States and India.
Security researchers at Black Lotus Labs, a unit of Lumen Technologies Inc., announced in October that they suspect Volt Typhoon is behind the cybercriminal campaign that started on June 12.