CISA and the FBI confirmed that Chinese hackers compromised the “private communications” of a “limited number” of government officials after breaching multiple U.S. broadband providers.
The attackers also stole other information from the companies’ compromised systems, including information related to customer call records and law enforcement requests.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data,” the two agencies said in a joint statement issued on Wednesday.
They added that the attackers also compromised the “private communications of a limited number of individuals who are primarily involved in government or political activity” and stole “certain information that was subject to U.S. law enforcement requests pursuant to court orders.”
This comes after CISA and the FBI confirmed the hack in late October after reports that a Chinese hacking group tracked as Salt Typhoon (aka Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) breached multiple broadband providers, including AT&T, Verizon, and Lumen Technologies.
Today’s joint statement also confirms reports that the threat group had access to U.S. federal government systems used for court-authorized network wiretapping requests.
Hackers reportedly maintained access for months
While it’s unknown when the telecom networks were first breached, people familiar with the matter told WSJ that the Chinese hackers had access “for months or longer,” which allowed them to collect vast amounts of “internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers.”
Canada also revealed last month that China-backed threat actors targeted many Canadian government agencies and departments in broad network scans, including federal political parties, the Senate, and the House of Commons.
“They also targeted dozens of organizations, including democratic institutions, critical infrastructure, the defence sector, media organizations, think tanks and NGOs,” the Government of Canada said.
Salt Typhoon is a sophisticated hacking group that has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies in Southeast Asia.
In similar yet unrelated attacks, another Chinese threat group tracked as Volt Typhoon hacked multiple ISPs and MSPs in the United States and India after breaching their corporate networks using credentials stolen by exploiting a Versa Director zero-day.
