FBI confirms China-linked cyber espionage involving breached telecom providers
After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part of a “broad and significant cyber espionage campaign.”
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” their official statement reads.
The statement seemingly references the previously reported compromises of:
- Call Detail Records of a huge number of American subscribers
- Wiretap systems enabled by broadband providers such as AT&T, Verizon, Lumen Technologies and others, which were apparently used to spy on the phone communications of people affiliated with the electoral campaigns of Vice President Kamala Harris and President-elect Donald Trump, as well as the communications of Donald Trump and VP-elect JD Vance themselves
Those attacks have previously been attributed to a suspected Chinese state-sponsored cyber threat group known as Salt Typhoon.
Two other groups associated with the People’s Republic of China – Volt Typhoon and Flax Typhoon – have been previously implicated in the successful compromise of US organizations in critical infrastructure sectors and the running of IoT botnets that have been used in targeted attacks. (One of the botnets was disrupted earlier this year, but Volt Typhoon is trying to rebuild it.)
The FBI and CISA say that they expect their understanding of the aforementioned compromises to grow as the investigation continues.
“[We] will continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector. We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.”