China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday.
Why it matters: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure — and they’re proving difficult to kick out.
- Officials added that they don’t yet know the full scope of the intrusions, despite starting the investigation in late spring.
Driving the news: The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden its networks against Chinese state-sponsored hackers.
- The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom’s environment and changing any default equipment passwords.
Threat level: The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.
- Most of the people who were caught up in this wide-reaching collection are believed to be in the D.C. metro area, the official added.
- And in a limited number of targeted cases, Salt Typhoon also sought out specific individuals to intercept their text messages and to listen in on phone calls.
Yes, but: Senior FBI and CISA officials in the briefing declined to say how many communications providers have been impacted or how many individuals may have been caught up in the broad collection.
Catch up quick: President-elect Donald Trump, VP-elect JD Vance, Vice President Kamala Harris and their associates have all reportedly been targeted.
Reality check: None of Salt Typhoon’s methods for hacking these networks appear to be new or highly sophisticated, a senior CISA official said.
- Many of the ways they’re getting in align “with existing weaknesses with the infrastructure” that telecom providers rely on, the official added.
- Up to 80 telcos and internet providers have likely been affected by the sweeping hack, Politico reported last month.
The bottom line: The FBI and CISA officials say they don’t yet have a timeline for when U.S. telcos will fully eradicate Salt Typhoon from their networks.
- The companies that have been working with the U.S. government the longest are “the furthest along in kicking the actors off their networks,” the FBI official said.
- For now, officials say they’re advising government employees to use encrypted services for their phone calls and text messages.