
5 Things to Know About the China-Linked ISP Hack


US agencies announced that some government officials saw their communications compromised in connection with a major telecom hacking operation tied to the Chinese government.


US agencies have announced that some government officials saw their communications compromised in connection with a major hacking operation targeting internet service providers and linked to the Chinese government.

The statement released Wednesday by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) also confirmed some previously reported details about the China-linked hack.


“The U.S. government’s ongoing investigation into the People’s Republic of China’s (PRC) commercial telecommunications infrastructure has uncovered a broad and significant cyberespionage campaign,” the agencies said in the joint statement.

What follows are five things you need to know about the China-linked ISP hack.

Multiple telecom companies compromised

In the statement, the FBI and CISA said they “have determined that PRC-affiliated actors have compromised networks at multiple telecommunications companies.”

The affected telecom companies have not been identified.

In October, the Wall Street Journal reported that a China-linked hacking campaign had compromised Verizon, AT&T and Lumen Technologies. The operation was carried out by a group tracked as Salt Typhoon.

CRN has contacted Verizon, AT&T and Lumen Technologies for comment.

Call, wiretap records exposed

According to the FBI and CISA, the China-linked telecom hack compromised data from customer telephone conversations, among other things.

The campaign also included “copying certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement said.

The statement appears to confirm previous reporting from the WSJ, which indicated that the China-linked hackers may have targeted wiretap systems used by federal agencies, aiming to gain access to data that those agencies had intercepted through court-approved surveillance.

‘Limited’ number of civil servants affected

Notably, the FBI and CISA statement indicated that government officials were affected by the China-linked ISP hack.

The campaign’s activities included “compromising private communications of a limited number of individuals primarily involved in government or political activities,” the statement said.

In October, media outlets including the New York Times and WSJ reported that the Salt Typhoon attacks targeted the campaigns of both then-presidential candidates, Donald Trump and Kamala Harris, as well as Republican vice presidential candidate Senator JD Vance.

Hack time frame

According to the WSJ report in September, the Salt Typhoon cyberattack campaign had targeted ISPs in the US for “the past few months,” with the threat actors attempting to obtain sensitive data.

The FBI and CISA statement did not specify when the campaign began or how long it lasted.

Previous WSJ reports suggested the hacks had lasted at least several months.

The activities of Salt Typhoon

Salt Typhoon has been carrying out attacks since 2020 that are mainly aimed at data theft and espionage, according to research by Microsoft that was cited in the WSJ report in October.

The group’s targets are mainly located in North America and Southeast Asia, Microsoft said, according to the report.

Other security researchers have referred to the group as FamousSparrow and GhostEmperor.