Verizon, AT&T, Lumen among telcos hacked by Chinese group: Reports

Several major United States telecommunications providers have reportedly been infiltrated by a Chinese hacking group known as Salt Typhoon, with a focus on gaining information on U.S. government wiretaps.

Published reports, the first of them from The Wall Street Journal, say that the networks of telcos including Verizon, AT&T and Lumen have been compromised. The Washington Post reported, citing unnamed officials, that the list of impacted telcos is probably longer, because the hackers have had access to the network systems for months and the investigation of the breach is in its early stages. According to a U.S. security official quoted by the Post, the Salt Typhoon group was apparently targeting legal federal requests for wiretaps, also known as lawful intercept, but its broader network access means it could also have had access to more general internet traffic.

Verizon has reportedly set up a “war room” at a company facility in Ashburn, Virginia, a U.S. hot spot for data centers and network operations, staffed with people from the Federal Bureau of Investigation, Microsoft, and Google’s security unit Mandiant. The WSJ reported that the hackers may have been able to reconfigure Cisco routers undetected in order to get information.

Published reports on the breach generally conclude that the Salt Typhoon breach was an espionage effort focused on gaining information on which Chinese targets have been wiretapped by U.S. government officials.

RCR Wireless News has reached out to Verizon and AT&T. AT&T declined to comment.

In February of this year, CISA confirmed that another Chinese hacking group, Volt Typhoon, compromised the IT environments of multiple critical infrastructure organizations in communications, energy, transportation and water utilities across the United States. At the time, CISA was concerned that the Volt Typhoon effort was unusual in that it appeared to be focused on potentially disrupting control of systems, rather than a counter-intelligence move based on gathering information like the reported Salt Typhoon hack. CISA said in February: “The U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”

ABOUT AUTHOR

Kelly Hill
Kelly reports on network test and measurement, as well as the use of big data and analytics. She first covered the wireless industry for RCR Wireless News in 2005, focusing on carriers and mobile virtual network operators, then took a few years’ hiatus and returned to RCR Wireless News to write about heterogeneous networks and network infrastructure. Kelly is an Ohio native with a master’s degree in journalism from the University of California, Berkeley, where she focused on science writing and multimedia. She has written for the San Francisco Chronicle, The Oregonian and The Canton Repository. Follow her on Twitter: @khillrcr