Chinese hackers have launched a massive cyberespionage campaign targeting telecom providers. On December 3, six months after the investigation started, US officials confirmed that threat actors might still be lurking in US telecom networks. Law enforcement agencies have also provided guidance on the best ways to protect enterprise networks in the future.
US telcos aren’t the only ones in the crosshairs, either. According to a joint advisory issued by Australia, Canada, New Zealand, and the US, “identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure.” While no novel activity has been observed yet, the advisory also provides instructions and advice for network engineers and defenders on how to best protect their respective organisations from attack.
As for the attacks, they have been attributed to a Chinese state-linked hacking group dubbed Salt Typhoon. The group has been active since at least 2020, with some artifacts dating back to 2019. This is also the first time US officials have confirmed reports that Salt Typhoon has access to critical infrastructure, and to make things worse, they’re proving difficult to kick out despite none of their methods for hacking these networks being new or sophisticated, according to a senior CISA official.
Despite the investigation being over six months old, officials don’t know the full scope of the intrusion either. The hack has given Salt Typhoon unprecedented access to records from US telcos about Americans’ communications. Most people caught in this collection are believed to be in the D.C. metro area, although officials refused to say how many telecom providers and users were affected by the hack. Politico claims over 80 telecom providers have been affected so far.
We do know that in some cases, Salt Typhoon was able to zero in on individuals to intercept their text messages and eavesdrop on their phone calls. President-elect Donald Trump, Vice President JD Vance, Vice President Kamala Harris, and their associates have all reportedly been targeted.
Most of these attacks stem from existing weaknesses in the infrastructure that these telcos rely on. Therefore, updating infrastructure and applying software patches should go a long way in reducing the scope of further attacks. At the moment, though, officials have no answer as to when they’ll be able to kick out hackers from affected telecom networks in an attack that has already become one of the most significant spying campaigns targeting the US.