For months or longer, state-backed Chinese hackers have apparently been romping around in the networks of American broadband providers to access “information from systems the federal government uses for court-authorized network wiretapping requests” (“U.S. Wiretap Systems Targeted in China-Linked Hack,” The Wall Street Journal, October 5, 2024). Companies hacked during the Salt Typhoon campaign include AT&T, Verizon Communications, and Lumen Technologies.
The widespread compromise is considered a potentially catastrophic security breach [and] appeared to be geared toward intelligence collection….
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
The attack and its significance were discovered in recent weeks and remain under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it….
U.S. officials are also worried about Chinese efforts to penetrate the networks of U.S. infrastructure, such as water treatment plants, power stations, and airports.
Previous responses of the Chinese representatives to news of Chinese cyberattacks boil down to “Who, us? We hate cyberattacks.” With regard to the current breach, Liu Pengyu, a spokesman for the Chinese Embassy in Washington, says that “China firmly opposes and combats cyberattacks and cyber theft in all forms.”
Earlier in 2024, the U.S. reportedly disrupted a cyberattack dubbed Flax Typhoon launched by a group of state-affiliated Chinese hackers “months after confronting Beijing about sweeping cyber espionage under a campaign named ‘Volt Typhoon’ ” that China claimed had been launched by “an international ransomware organization.”
Brandon Wales, a former executive director at the Cybersecurity and Infrastructure Security Agency, told the Journal that although investigators don’t yet know how bad the current breach is, “it’s the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game. If companies and governments weren’t taking this seriously before, they absolutely need to now.”
Note that as the CIA seeks to recruit informants in China and elsewhere, we don’t know yet whether “systems that support foreign intelligence surveillance were also vulnerable in the breach.”