Lawmakers targeted in encrypted messaging phishing scam

Douglas Rissing/Getty Images

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Enabling AI at the Edge for the Public Sector
Presented By Carahsoft
Download Now
Make Large Language Models Work–Without the Errors
Presented By Primer
Download Now
By David DiMolfetta and Edward Graham

By David DiMolfetta and Edward Graham

|

Officials have been urging Americans and federal staff to pivot to encrypted messaging services amid a recent Chinese breach into telecommunications networks.

An “outside source” claiming to be a government official is behind a phishing campaign that targeted multiple members of Congress and urged them to download an encrypted messaging app via a link, according to an internal advisory email obtained by Nextgov/FCW.

The email was sent out Thursday evening by the Office of the House Chief Administrative Officer and House Sergeant at Arms. It comes amid recent guidance issued by cybersecurity officials encouraging American citizens and government workers to send communications over encrypted messaging platforms in the wake of a sweeping Chinese intrusion into dozens of telecom providers in the U.S. and abroad.

Recipients of the phishing messages are advised to “not take any action such as downloading the requested application” and contact the House’s Chief Administrative Office or the House Sergeant at Arms.

The name of the purported government official is not provided in the email advisory.

“Only open text messages and emails from people you know and trust,” the email said, adding that “if you are not expecting a message from known individuals, verify via another avenue such as a phone call before responding.”

Nextgov/FCW has reached out to the House CAO office for comment.

Thursday’s email does not explicitly mention the Chinese hacking collective — dubbed Salt Typhoon by cybersecurity researchers — that penetrated around 80 telecommunications providers in the U.S. and abroad, including large firms like AT&T, Verizon, Lumen and T-Mobile. The hackers’ efforts were first revealed by the Wall Street Journal in October.

It is unclear if the actors behind the phishing campaign that targeted members of Congress are tied at all to Salt Typhoon.

The cyberespionage group accessed communications of some 150 select, high-value targets, including individuals affiliated with President-elect Donald Trump, according to previous media reports. 

A senior FBI official said on Tuesday that the hackers compromised systems that facilitate court-authorized wiretap requests, but operated with “much broader” goals in mind.

The advisory from the Office of the House Chief Administrative Officer and House Sergeant at Arms was sent out the same day that the Federal Communications Commission moved to update wiretap standards for telecom providers. 

FCC Chairwoman Jessica Rosenworcel circulated a draft ruling with her colleagues that would immediately require telecom providers to secure their networks against unauthorized access to systems that house wiretap requests from law enforcement.

The Cyber Safety Review Board is also holding its first meeting today to investigate Salt Typhoon’s hacking campaign.

In a statement, House Homeland Security Committee Chairman Mark Green, R-Tenn., urged affected telecom providers “to cooperate in this investigation so we have a comprehensive and thorough understanding of this intrusion, which will position the CSRB to develop potential recommendations for improving overall U.S. telecom network resiliency.”

Last month, it was reported that hackers were able to successfully access email communications between congressional legislative staffers and staff in the Library of Congress’s Congressional Research Service from January to September of this year.

NEXT STORY: FCC proposes updates to wiretap security standards following Chinese telecom hacks