The FBI confirms that Chinese hackers have gained access to official US government devices and networks
- FBI and CISA confirm networks compromised by Salt Typhoon
- Devices and networks used by government officials were also affected
- The group also successfully breached a network used by US authorities
A joint statement from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a “broad and significant cyber espionage campaign” with ties to the People’s Republic of China has successfully breached numerous commercial telecommunications organizations.
The infiltration of these communications networks, believed to be the group tracked as Salt Typhoon, has allowed threat actors to access customer phone call data and the private communications of a limited number of individuals within the US government.
The joint statement has also confirmed that the group has managed to infiltrate a US wiretap system used by authorities to make requests under court orders.
ISPs and telecom companies have been compromised by Salt Typhoon
In late September 2024, Salt Typhoon targeted several US Internet service providers in a reconnaissance scan that would presumably help search for vulnerabilities for possible use in later attacks. In early October 2024, it was also reported that the compromise affected a number of telecommunications companies, such as AT&T, Lumen Technologies and Verizon.
Now it appears the problem is more widespread than initially thought Wall Street Journal report that the group may have had access for “months or longer,” citing people familiar with the matter.
This access may have allowed them to “collect Internet traffic from Internet service providers that count large and small businesses, and millions of Americans, among their customers.”
Salt Typhoon has also targeted Canadian organizations, with large parts of the government also subject to reconnaissance scans, as well as “dozens of organizations, including democratic institutions, critical infrastructure, the defense sector, media organizations, think tanks and NGOs,” the spokesperson said. The government of Canada said in a statement.
“The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) continue to provide technical assistance, quickly share information to help other potential victims, and work to strengthen cyber defenses in the commercial communications sector,” the joint statement said. “We encourage any organization that believes it may be a victim to contact its local FBI field office or CISA.”