Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Chinese Hackers Tied to US National Security Eavesdropping

Cyberespionage 'Salt Typhoon' Operation Infiltrated Telcos' Infrastructure
Chinese Hackers Tied to US National Security Eavesdropping
Image: Shutterstock

The apparent impact of a major U.S. national security breach attributed to China continues to expand, as do the ramifications of what looks to be a major counterintelligence failure.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Public warnings concerning the cyberespionage campaign first emerged in early October, tied to intrusions of major telecommunications providers' infrastructure, including Verizon, AT&T and Lumen Technologies, as well as some providers in allied countries. All were allegedly breached as part of a cyber espionage operation tied to a Chinese advanced persistent threat group codenamed Salt Typhoon by Microsoft (see: Feds Probe Chinese 'Salt Typhoon' Hack of Major Telcos).

Individuals with knowledge of the ongoing investigation now believe that hackers successfully eavesdropped on mobile phone audio and written communications "used by an array of senior national security and policy officials across the U.S. government in addition to politicians," The Wall Street Journal reported Tuesday.

The hackers' penetration of U.S. and allied' telecommunications infrastructure lasted for at least eight months, it said.

The U.S. government has confirmed the attacks. Multiple agencies "are collaborating to aggressively mitigate this threat," the FBI and CISA said on Oct. 25. Probes continue into "the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China."

The White House reportedly launched a Cyber Unified Coordination Group on Oct. 8 to respond to the attacks. The Presidential Policy Directive 41 signed by President Barack Obama in 2016 says a coordination group should be launched by the National Security Council to "coordinate the development and implementation of United States government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad."

By publicly available counts, this is the fourth time the White House established a Cyber UCG, the Congressional Research Search reported on Oct. 29. Previous crises meriting a cyber group include China's compromise of Microsoft Exchange services in 2021 and Russia's compromise of SolarWinds in 2021. The White House also convened a group in 2023 in response to Russia's ongoing invasion of Ukraine.

The Cyber Safety Review Board, created in 2021 by an executive order from President Joe Biden, is chartered with investing in major cybersecurity incidents, akin to how the National Transportation Safety Board investigates aviation incidents. The presidential order requires the CSRB to convene following any cyber incident that triggers a UCG.

Last week, officials told Information Security Media Group that the CSRB will launch a review into the Chinese hack "at the appropriate time" (see: Key Federal Cyber Panel to Probe Chinese Telecoms Hacking).

Microsoft uses the codename Typhoon to refer to Chinese state-sponsored hacking groups.

The two other such groups Microsoft has publicly disclosed are Volt Typhoon, which has been tied to attack targeting critical infrastructure for likely prepositioning to disrupt such infrastructure in the event of a conflict; and Flax Typhoon, tied to Beijing-backed private companies that also appear to target U.S. and allied critical infrastructure, including via botnets.

The U.S. intelligence community has assessed that the People's Republic of China poses "the most active and persistent cyber threat" to the U.S.

China's aim is "to hold at risk U.S. and allied critical infrastructure, shape U.S. decision-making in a time of crisis and use cyber capabilities to augment PRC geopolitical objectives," according to the U.S. Office of the National Cyber Director.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.