Published on: October 9, 2024
Chinese state-sponsored hackers, identified as the group Salt Typhoon, have infiltrated the networks of major US telecom companies, including Verizon, AT&T, and Lumen Technologies.
According to reports, the hackers accessed systems that manage court-authorized wiretaps, potentially compromising critical surveillance operations used by US law enforcement and intelligence agencies.
The breach, which may have gone undetected for months, has raised alarm about the security of sensitive communications and the integrity of the wiretap system, which is essential for monitoring criminal and national security threats.
The Salt Typhoon breach extended beyond wiretapping systems, with hackers potentially gaining access to broader internet traffic data. Experts warn that this could enable them to manipulate monitoring lists, add or remove targets, and even suspend surveillance on specific individuals, jeopardizing ongoing investigations.
US telecom companies hold vast stores of user data, including call logs and internet activity, which law enforcement agencies can access through legal warrants for criminal and national security investigations.
To further probe the scope of the breach, cybersecurity experts from Microsoft and Google-owned Mandiant are assisting in the ongoing investigation. One primary concern is whether the hackers gained access to critical network infrastructure, particularly Cisco routers that manage large portions of internet traffic.
A Cisco spokesperson, however, indicated that the company has yet to find any evidence suggesting their equipment played a role in the attack. The investigation continues as the government and private sector collaborate to assess the full extent of the breach and prevent future incidents.
China’s foreign ministry responded by denying involvement, accusing the US of fabricating a “false narrative.” They stressed that cybersecurity challenges require international cooperation rather than finger-pointing.
“China firmly opposes and combats cyberattacks and cyber theft in all forms,” said Liu Pengyu, a spokesman at the Chinese Embassy in Washington.
However, US investigators view this breach as part of a larger pattern of Chinese cyber-espionage efforts. Earlier this year, another Chinese hacking group, Flax Typhoon, was linked to similar intrusions targeting US systems.
Experts advocate for more secure, segmented networks, such as private 5G solutions, to protect critical infrastructure from foreign cyberattacks. However, the US telecom industry still largely relies on older, commercially run networks, leaving sensitive government operations vulnerable.