Verizon said a small number of individuals and a small percentage of traffic were impacted in Salt Typhoon
Verizon said that it has “contained” the impacts of the Salt Typhoon hack, which targeted high-profile political figures and was allegedly perpetrated by a hacking group backed by the Chinese government.
“Verizon has contained the cyber incident brought on by this threat actor,” the company said in a release. “An independent and highly respected cybersecurity firm has confirmed the Verizon containment.”
According to previous reports, the Salt Typhoon group was apparently targeting legal federal requests for wiretaps, also known as lawful intercept, but also had broader network access that means it could also have had access to more general internet traffic. Published reports on the breach generally conclude that the breach was an espionage effort focused on gaining information on which Chinese targets have been wiretapped by U.S. government officials.
Verizon described the incident as revolving around “a small number of individuals primarily involved in government or political activity were targeted by the threat actor,” and said that the targeted customers had been notified.
Verizon also acknowledged that “in the pursuit of a small number of targets, the threat actor also accessed a small percentage of mobile internet access and mobile call records of other Verizon wireless customers. Verizon does not have reason to believe that those customers were targeted, or that any banking or financial information or Social Security numbers were exposed.”
“Immediately upon learning of this incident, Verizon took several key actions to protect its customers and its network, including partnering with federal law enforcement and national security agencies, industry partners, and private cybersecurity firms,” said Vandana Venkatesh, Verizon’s chief legal officer, in a statement. “We have not detected threat actor activity in Verizon’s network for some time and, after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.”
Venkatesh added: “We continue to devote significant resources to further strengthen and protect our network. This incident has not impacted our day to day operations, and customers can continue to use their Verizon devices and services as usual. We are unwavering in our commitment to offering our customers cutting-edge products and services over the nation’s leading telecommunications network.”
Deputy National Security Adviser Anne Neuberger, speaking on the government response to the breach late last year, has said that at least eight telecom companies—including AT&T, Verizon and Lumen—and dozens of countries are known to have been affected by Salt Typhoon.
Neuberger has also said that the White House does not believe any classified communications were accessed.
In the wake of the Salt Typhoon attack, the FCC is also taking a hard look at network security requirements. FCC Chairwoman Jessica Rosenworcel has proposed a draft ruling that part of the Communications Assistance for Law Enforcement Act (CALEA) legislation requires telecommunications carriers to secure their networks from unlawful access or interception of communications. That ruling has been presented to all the members of the FCC and would become effectively immediately upon a passing vote, the FCC noted.
Rosenworcel also is proposing that telecom service providers submit annual attestation that they have “created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks.”
The FCC would also pursue a Notice of Proposed Rulemaking seeking input on “additional ways to strengthen the cybersecurity posture of communications systems and services.”
In related developments, the FCC also has proposed similar cybersecurity risk management plan requirements for submarine cable landing applicants and licensees, as incidents of deliberate cuts of sub-sea cables have risen. The Commission has also previously proposed that participants in the Emergency Alert System and Wireless Emergency Alerts maintain cybersecurity risk management plans, to prevent those systems from being hijacked.
