At least 8 US carriers hit in Chinese telecom hacks, senior official says


The hacks carried out by the Salt Typhoon group impacted a couple dozen countries and may have been ongoing for one to two years, the official said.

A pervasive Chinese cyberespionage campaign targeting telecommunications operators hit at least eight U.S. providers and compromised other telecoms firms based in a couple dozen other countries around the world, a senior administration official said Wednesday.

The hacks, carried out by the Chinese government-backed Salt Typhoon hacking group, may have been ongoing for one to two years, and also targeted a swath of individuals with governmental or political ties, added the official, who spoke to reporters on the condition of anonymity per White House press guidelines.

The Cybersecurity and Infrastructure Security Agency and the FBI said the group's intrusions were first investigated in late spring and early summer of this year. They added that the hackers have not yet been fully evicted from the affected networks.

So far, the cyberspies have ensnared around 80 providers in the U.S. and abroad, including AT&T, Verizon, Lumen and T-Mobile. They’ve accessed communications of some 150 select, high-value targets, including people affiliated with President-elect Donald Trump, according to previous media reports. 

Top federal officials held a classified briefing with senators on Wednesday about the espionage campaign. The briefing also included Director of National Intelligence Avril Haines and Federal Communications Commission Chairwoman Jessica Rosenworcel.

The prolific Chinese hacking group, whose efforts were first brought to light by the Wall Street Journal in October, compromised systems that facilitate court-authorized wiretap requests, but operated with “much broader” goals in mind, a senior FBI official said Tuesday. Overseas servers were used to springboard the hackers into some telecom providers’ networks, the FBI official noted.

A bipartisan pair of senators on Wednesday called for the Pentagon’s top watchdog to investigate the Defense Department’s “failure to secure its unclassified telephone communications from foreign espionage” in response to the hackers’ incursions.

The hacks have called into question the security posture of the wiretap environments governed by the Communications Assistance for Law Enforcement Act, or CALEA, which requires telecom companies to engineer their systems for “legal access” surveillance requests.

Forensic analysis for two of the victims “indicated that the actors were on other parts of their network conducting reconnaissance before pivoting to the CALEA system and surrounding devices,” the senior FBI official said Tuesday. The FCC does not yet appear poised to launch a formal proceeding to rework CALEA, despite calls from Congress to do so.

Minimum cybersecurity requirements for telecom networks would have helped prevent the intrusions, the senior administration official said Wednesday. The voluntary approach that companies take to invest in cyber improvements, patch systems and log data “has proved inadequate” for firms that undergird critical infrastructure like telecom networks, said the official.

Under current standards, the FCC says that carriers may develop their own wiretap solutions tailored to their networks, purchase solutions from equipment manufacturers, or rely on a third party to determine whether they are CALEA-compliant.

“We want to make it riskier, costlier and harder for China to be successful each and every time. And that’s where moving to mandated cybersecurity practices is a part of our approach,” the senior official said.