US Govt Officials' Communications Compromised in Recent Telecom Hack

Summary:
CISA and the FBI released a joint statement on November 13, 2024, confirming that PRC-affiliated threat actors compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers in what the agencies describe as a broad and significant cyber espionage campaign. In addition to those private communications, the adversary harvested customer call records data and copied certain information that was subject to U.S. law enforcement requests pursuant to court orders. This activity was enabled by the widespread compromise of multiple telecommunications companies' networks, and the investigation into these compromises is still ongoing. The statement follows CISA's and the FBI's confirmation in late October, after reports that the Chinese hacking group tracked as Salt Typhoon had breached multiple broadband providers, including AT&T, Verizon, and Lumen Technologies. The November 13 statement also confirms that Salt Typhoon gained access to U.S. federal government systems used to handle wiretapping requests (lawful intercept). While it is not yet known how long these telecom networks have been breached, The Wall Street Journal, citing information provided to it, reports that the adversary may have had access for months or longer. Salt Typhoon is a sophisticated hacking group that has been active since at least 2019 and has typically targeted government entities and telecom organizations in the Southeast Asia region.

Security Officer Comments:
This statement coincides with Canada's announcement that China-backed threat actors are targeting multiple Canadian government agencies with extensive network scans. Cyber espionage by China-affiliated actors against government agencies is nothing new. However, the shift from targeting countries such as Taiwan to targeting U.S. telecommunications networks is concerning, as is the fact that the duration of the adversary's access to these networks remains unknown. The end goal of these breaches appears to be broad espionage, underscoring the importance China places on information warfare. The lack of in-depth analysis or further technical detail about this activity is likely deliberate: CISA and the FBI want to keep their operations covert so as not to tip off China-affiliated threat actors to the details of the investigation. Organizations should stay informed about this threat to help maintain the confidentiality and integrity of their networks while CISA and the FBI continue their investigation, and any organization that believes it is a victim of this activity is encouraged to contact the FBI or CISA.

Link(s):
https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach/

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/3c1b400