Chinese state hackers, known as Salt Typhoon, hacked telecom companies in dozens of countries, according to Anne Neuberger, President Biden’s deputy national security adviser.
At a Dec. 4 press conference the White House official stated that eight telecom companies in the United States were affected by these breaches. Although these attacks have likely been ongoing for “one to two years,” Neuberger added, “we don’t believe any classified communications have been compromised.” The Wall Street Journal previously reported this.
Global Chinese campaign
“The Chinese compromised private companies exploiting vulnerabilities in their systems as part of a global Chinese campaign that’s affected dozens of countries around the world.”
“We cannot say with certainty that the adversary has been evicted, because we still don’t know the scope of what they’re doing. We’re still trying to understand that, along with those partners.” So said a senior CISA (Cybersecurity and Infrastructure Security Agency) official during a press interview on Tuesday.
On Tuesday, CISA and FBI officials advised Americans to switch to encrypted messaging apps to reduce the chances of Chinese hackers intercepting their communications.
“Encryption is your friend”
“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” they said. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”
T-Mobile’s Chief Security Officer, who said last week that the company’s systems had been hacked through an affiliated wireline provider’s network, claims that T-Mobile no longer detects attacker activity within its network.
Also known by names such as FamousSparrow, Earth Estries, Ghost Emperor, and UNC2286, this state-backed hacker group has been carrying out intrusions into government agencies and telecom companies in Southeast Asia since at least 2019.
The Salt Typhoon telecom hacks
CISA and the FBI confirmed the hacks in late October, following reports that Salt Typhoon had compromised the networks of multiple telecom companies, including T-Mobile, Verizon, AT&T and Lumen Technologies.
Federal agencies later revealed that the attackers compromised the “private communications” of a “limited number” of U.S. government officials and gained access to the U.S. government’s wiretapping platform. They also stole data on law enforcement requests and customer call history.
Although the exact timing of the telecom network breaches is unclear, the Wall Street Journal reported that Chinese hackers had access for months or more. This allowed them to steal a significant amount of Internet traffic from Internet service providers serving American businesses and millions of customers.
New guidelines
On Tuesday, CISA released guidelines to help system administrators and engineers who manage communications infrastructure strengthen their systems against Salt Typhoon attacks.
Developed with the FBI, NSA, and international partners, the joint advisory includes tips for strengthening network security to reduce the attack surface targeted by Chinese hackers, such as unpatched devices, vulnerable services accessible online, and generally less secure environments.