FBI, CISA say Chinese hackers are still lurking in US telecom systems

Leading U.S. cybersecurity agencies on Tuesday said that Chinese hackers likely still have access to critical telecommunications systems, and published guidance to help engineers and network defenders identify and remove the threat actors.

In a call with reporters, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said the agencies have been investigating the incident since late spring, and have uncovered an expansive campaign that some lawmakers are calling the worst telecom hack in the nation’s history. The group behind the incident, Salt Typhoon, deeply penetrated multiple telecom companies and stole vast amounts of data on where, when and with whom individuals were communicating.

In some cases, the hackers were able to intercept audio and text. The group targeted officials from both presidential campaigns, including President-elect Donald Trump and his running mate JD Vance.

But the officials admitted that there are still many unanswered questions, including the extent of the breach itself.

“We cannot say with certainty that the adversary has been evicted, because we’re still understanding the scope,” one senior official said, adding that it would be impossible to predict when the hackers would be fully removed from the systems.

The agencies have been working with “scores” of telecom companies in recent months to investigate the breach and help kick out the intruders. Earlier on Tuesday, CISA and the FBI, as well as the National Security Agency (NSA) and its counterparts in Australia, Canada and New Zealand, issued “visibility and hardening guidance” tailored to the telecommunications industry and other critical infrastructure sectors.

One complicating factor is that the hackers likely breached companies through different vectors, and also had broad aims and targets. Earlier media reports incorrectly stated that the hackers were focused on the law enforcement wiretap system — the Communications Assistance to Law Enforcement Act (CALEA) — the officials said, adding that it was “one of several targets.”

The officials said they believed a huge amount of metadata on phone calls and texts was “essentially swept up by the adversary,” which also obtained call and text content from a select group of targeted individuals who were mostly associated with the U.S. government.

The officials did not answer questions about the number of Americans impacted, or broader changes that might need to be made to harden U.S. telecom infrastructure.

“We need to do some hard thinking long-term on what this means and how we’re going to secure our networks,” one official said.


Adam Janofsky is the founding editor-in-chief of The Record from Recorded Future News. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.

 
