A recent cyberattack linked to the Chinese government has successfully infiltrated multiple court-authorized wiretap systems in the US. So far, the attack has been attributed to a highly skilled hacking group known as “Salt Typhoon,” and its targets include major US broadband providers such as AT&T, Verizon, and Lumen Technologies.
This newest cyberattack comes at a time of heightened tensions between the US and China. US officials are concerned about the potential national security risks posed by this cyber intrusion. It specifically targeted the network infrastructure used by telecom companies to cooperate with lawful requests for communications data, and for now, the full extent of the cyberattack is being investigated.
According to what we know so far, the threat actors potentially have access to wiretap warrant requests, as well as “other tranches of more generic internet traffic.” This is hardly unexpected, given that telecom companies in the US are known to hold a great amount of caller and user data (which law enforcement agencies can access when they have a warrant). The firms have been relied upon to maintain the confidentiality of wiretap data and to assist in lawful surveillance operations. Still, the mere possibility that Chinese state-sponsored hackers have had access to wiretap warrant information for an extended period is concerning, since this data is likely to catch the eye of the Chinese government, particularly in cases involving Chinese nationals.
So far, none of the impacted telecom companies – including AT&T and Lumen – have commented on the matter, while the Justice Department and the FBI have remained silent as well. For now, officials in the US are joining forces with the likes of Microsoft and Mandiant to investigate the incident. This caution is not unwarranted, especially since the Salt Typhoon group is known to focus on intelligence collection instead of immediate disruption. “We track Salt Typhoon and have seen activity consistent with public news reports,” a Microsoft spokesperson commented on the matter. “When we see nation state activity, we provide customers with information to investigate as appropriate.”
For its part, the Chinese Embassy in Washington DC denied that state-based actors took part in the cyberattack. Embassy spokesperson Liu Pengyu accused the US of “politicizing cybersecurity issues to smear China.” This is nothing new: Beijing has seldom been open about the involvement of its threat actors on foreign soil, and the Chinese government has repeatedly rejected claims that Chinese-sponsored hackers have acted against foreign entities.
“At a time when cybersecurity has become a common challenge for all countries around the world, this erroneous approach will only hinder the efforts of the international community to jointly address the challenge through dialogue and cooperation,” the Chinese Ministry said in an official statement.
The newest development simply adds to the long line of Chinese cyber-espionage attacks that have targeted US-based firms. In recent years, China has been linked to a series of high-profile hacking campaigns, including breaches of federal agencies and US corporations. Earlier, FBI Director Christopher Wray noted that hackers backed by the Chinese government currently outnumber FBI cyber personnel by a staggering 50 to 1. The Salt Typhoon group, for example, is believed to be affiliated with China’s Ministry of State Security.