Published on: November 15, 2024
The US government’s Consumer Financial Protection Bureau (CFPB) sent out an alert to avoid using cellphones following several major telecom companies getting hacked.
The threat actors reportedly gained unauthorized access to Verizon and AT&T, two major US telecom companies. They were able to steal call logs, text messages, and audio messages from important individuals in America, including some associated with the Trump and Biden administrations.
“Do NOT conduct CFPB work using mobile voice calls or text messages,” CFPB explains through an email sent to employees.
“While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,” said the email, which was sent to all CFPB employees and contractors.”
The criminal group, Salt Tycoon, has existed in the shadows and was not publicly disclosed until now. Chris Krebs from Sentinal One believes that the group works under the APT40 intelligence group that operates under the Chinese Ministry of State Security and was called out for prior attacks in July.
“The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe,” reports the Wall Street Journal.
Currently, cybersecurity experts are analyzing Cisco System Routers, a key part of US ISP infrastructure. As of now, there is no evidence to suggest that they were breached.
Experts are warning that China has shifted its goals from stealing information from US companies to outright infrastructure key US infrastructure..Despite that change, Salt Tycoon appeared to be focused on collecting data from key US telecom companies.
The CFPB advises employees to use Microsoft Teams or Cisco WebEx until the situation has been resolved. Any messages sent via cell phones may be intercepted at this time.