Hackers with links to China allegedly infiltrated a US telecommunications surveillance network, remaining undetected for 18 months and gathering information on more than a million people. The full scope of their actions is still unclear.
Starting in mid-2023, a cybercriminal group named Salt Typhoon, which has connections to Chinese intelligence, breached major US telecommunications companies, including Verizon and AT&T, as well as systems used for surveillance authorized by courts, according to a report from the Wall Street Journal.
These surveillance systems were reportedly used to monitor individuals suspected by the US government of being Chinese agents.
The report revealed that the hackers infiltrated one US telecom network for 18 months and gained access to another for six months, without revealing the specific companies involved.
During this time, the hackers focused on communications associated with high-profile figures, including President-elect Donald Trump, Vice President-elect JD Vance, Vice President Kamala Harris, and those within their circles.
A significant target of the cybercriminals was the telecommunications infrastructure in Washington, DC. They were able to collect a vast amount of data, including IP addresses and phone numbers, impacting over 1 million individuals.
An anonymous senator told The Washington Post last year that the breach was “the worst telecom hack in our nation’s history — by far.”
Worryingly, after the hackers were identified, they adapted their strategies, making it even more challenging for authorities to track them, the Wall Street Journal reported.
The hackers were reportedly still present within some of the telecom systems as late as October, even after the intrusion was made public.
While inside the networks, the attackers attempted to impersonate systems engineers and conceal their activities, blending into the system. However, authorities eventually tracked the stolen data as it was sent worldwide and ultimately transferred to China.
An FBI official stated, “We saw a massive set of data acquired.”
Chinese officials have denied any involvement.
“Some in the US seem to be enthusiastic about creating various types of ‘typhoons,’” Liu Pengyu, spokesperson for the Chinese embassy in Washington, remarked.
“The US needs to stop its own cyberattacks against other countries and refrain from using cybersecurity to smear and slander China.”
In response, AT&T maintains that no foreign breach has been detected in its network, while Verizon asserts it has “contained the activities associated with this particular incident.”
However, national security experts are not so sure. Many believe the scale of the breach may be so extensive that the US may never be able to confirm that the hackers have been fully removed.
In light of this, senior US officials are increasingly turning to encrypted communications via private apps like Signal to safeguard against future cyberattacks.
To bypass existing cyber defenses, the Chinese-linked hackers exploited outdated US telecom infrastructure.
“It’s shocking how exposed we are, and still are,” Sen. Dan Sullivan (R-Alaska) lamented during a Senate hearing last month, describing a briefing he received on the attack as “breathtaking.”
In the same timeframe, officials from the Treasury Department informed Congress that a Chinese state-backed group had breached certain workstations, gaining access to “unclassified” documents.
Historically, China’s cyber activities were believed to focus on obtaining US trade secrets to improve its economic standing. However, the recent breaches highlight the Chinese Communist Party’s increasing use of cyberwarfare to secure a geopolitical advantage.
In the fall of 2023, key US officials worked quickly to counter a Chinese-backed attack that had compromised critical infrastructure, potentially enabling the attackers to disrupt power grids and even interfere with US ports.
Ultimately, government officials were able to identify some of the breached systems and neutralize portions of the malicious software.
{Matzav.com}