Cyberattacks linked to the Chinese government that compromised large portions of the American telecommunications network have the U.S. government sounding the alarm. The chair of the Senate Intelligence Committee, Sen. Mark Warner (D-VA), has called it the “worst telecom hack in our nation’s history” and noted that it makes prior cyberattacks by Russian operatives look like “child’s play” by comparison.
The complex cyberattack, carried out by a group of Chinese hackers dubbed Salt Typhoon, began as far back as 2022. Its purpose, according to U.S. officials, was to give Chinese operatives persistent access to telecommunications networks across the U.S. by compromising devices like routers and switches run by companies like AT&T, Verizon, Lumen and others.
This attack comes on the heels of reports that the FBI and Cybersecurity and Infrastructure Security Agency were assisting telephone companies with countering other China-connected compromises of their networks. The earlier hacking was part of an attack targeting people in the Washington area in government or political roles, including candidates for the 2024 presidential election.
But Salt Typhoon is not just targeting Americans. Research from security vendor Trend Micro shows that attacks by Salt Typhoon compromised other critical infrastructure around the world in recent years. U.S. officials have confirmed these findings as well – and their level of concern is noteworthy.
Chinese officials have denied the allegations that they’re behind this operation, as they have in response to allegations about previous cyberattacks.
As a cybersecurity researcher, I find this attack indeed breathtaking in its scope and severity. But it’s not surprising that such an incident took place. Many organizations of all sizes still fail to follow good cybersecurity practices, have limited resources, or operate IT infrastructures that are too complex to effectively monitor, manage and secure.
How bad is it?
Salt Typhoon exploited technical vulnerabilities in some of the cybersecurity products, such as firewalls, that large organizations use to protect their networks. Once inside the network, the attackers used more conventional tools and knowledge to expand their reach, gather information, stay hidden and deploy malware for later use.
According to the FBI, Salt Typhoon allowed Chinese officials to obtain a large number of records showing where, when and with whom specific individuals were communicating. In some cases, they noted that Salt Typhoon gave access to the contents of phone calls and text messages as well.
Salt Typhoon also compromised the private portals, or backdoors, that telephone companies provide to law enforcement to request court-ordered monitoring of phone numbers pursuant to investigations. This is also the same portal that is used by…