CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach

Senior government officials and politicians need to use end-to-end encrypted apps and should assume all of their messages are at risk of being stolen or manipulated, federal cybersecurity experts said on Wednesday. 

Federal authorities have spent weeks scrambling to respond to revelations that Chinese government hackers burrowed deep inside U.S. telecommunications networks, allowing them to access the phone data, messages and even calls of about 150 senior officials. 

The 5-page advisory released on Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA) provides troves of guidance for both Apple and Android users, urging all “highly targeted individuals” to rely on the “consistent use of end-to-end encryption.”

“Highly targeted individuals should assume that all communications between mobile devices — including government and personal devices — and internet services are at risk of interception or manipulation,” CISA said. 

The recent Salt Typhoon breaches “enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals,” CISA said. 

U.S. officials previously said those targeted include President-elect Donald Trump, his running mate JD Vance, and staff members of Vice President Kamala Harris as well as Senator Chuck Schumer (D-NY). 

During a press call with reporters, CISA executive Jeff Greene declined to provide more information on the government’s investigation into the Salt Typhoon breaches — which have roiled Congress due to the lack of answers from telecommunications companies and federal investigators. 

Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, previously said Chinese actors are still inside the breached systems.

Greene told reporters that the response to their outreach on the protection of senior officials’ communications was well-received and said there is a whole-of-government effort to lock down devices in their ecosystem. 

“I know that the visibility we have is definitely growing with respect to mobile devices. I don’t have a precise number or the breakdown between cloud instances, traditional and mobile. Right now, we are seeing over five million devices across 94 agencies,” he said. 

CISA’s visibility across all of these devices have given them insights into threats that would likely have been missed in the past. 

Most current government officials have to abide by device security policies enacted by department chief security officers and the incoming administration is stacked with current members of Congress, which has its own policy about device protection. 

The advisory comes as Congressional outrage about the breaches has evolved into punitive actions taken against China. 

It was revealed on Wednesday that U.S. authorities are mulling a ban of products produced by Chinese router-manufacturer TP-Link. The company sells the most popular router brand in the U.S. and the devices are used widely across the federal government.  

Around the same time, the Chinese National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) accused the U.S. government of two cyberattacks against large Chinese technology companies over the last year that saw the theft of “commercial secrets.”

“Since August 2024, a certain advanced material design and research unit in our country has been attacked by a suspected US intelligence agency,” Chinese officials said in a statement on Wednesday. 

“According to analysis, the attackers exploited a vulnerability in a certain electronic document security management system in China to invade the software upgrade management server deployed by the company, and delivered malware to more than 270 hosts of the company through the software upgrade service, stealing a large amount of commercial secrets and intellectual property of the company.” 

China said U.S. hackers exploited vulnerabilities in Microsoft Exchange — an accusation often levied against Chinese hackers — and installed backdoors allowing them continued access.