For months or more, state-backed Chinese hackers have apparently been romping around in the networks of American broadband providers to access “information from systems the federal government uses for court-authorized network wiretapping requests” (“U.S. Wiretap Systems Targeted in China-Linked Hack,” The Wall Street Journal, October 5, 2024). Companies hacked during the Salt Typhoon campaign include AT&T, Verizon Communications, and Lumen Technologies.
The widespread compromise is considered a potentially catastrophic security breach [and] appeared to be geared toward intelligence collection….
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
The attack and its significance was discovered in recent weeks and remains under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it….
U.S. officials are also worried about Chinese efforts to penetrate the networks of U.S. infrastructure, like that of water treatment plants, power stations, and airports.
Previous responses of the Chinese representatives to news of Chinese cyberattacks boil down to “Who, us? We hate cyberattacks.” With regard to the current breach, Liu Pengyu, a spokesman for the Chinese Embassy in Washington, says that “China firmly opposes and combats cyberattacks and cyber theft in all forms.”
Earlier in 2024, the U.S. reportedly disrupted a cyberattack dubbed Flax Typhoon launched by a group of state-affiliated Chinese hackers “months after confronting Beijing about sweeping cyber espionage under a campaign named ‘Volt Typhoon’” that China claimed had been launched by “an international ransomware organization.”
Brandon Wales, a former executive director at the Cybersecurity and Infrastructure Security Agency, told the Journal that although investigators don’t yet know how bad the current breach is, “it’s the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game. If companies and governments weren’t taking this seriously before, they absolutely need to now.”
Note that as the CIA seeks to recruit informants in China and elsewhere, we don’t know yet whether “systems that support foreign intelligence surveillance were also vulnerable in the breach.”