FBI: ‘Broad and Significant’ Chinese Telecom Hack Impacts U.S. Officials

Chinese threat actors stole customer call records data, targeted “a limited number” of individuals and copied “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” according to a new FBI statement.

A new joint statement by U.S. government agencies confirmed that Chinese threat actors hacked telecom infrastructure in order to target “a limited number of individuals who are primarily involved in government or political activity.” The statement comes amid an ongoing government investigation of the hacks, after several media reports over the past month outlined wide-scale China-linked espionage efforts targeting U.S. internet service providers.

“The US government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign,” according to the Wednesday statement by the FBI and Cybersecurity and Infrastructure Security Agency (CISA). 

Key Details:

  • The agencies confirmed that PRC-affiliated actors hit networks at multiple telecoms companies 

  • The threat actors were able to steal customer call records data, target the private communications of individuals and copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” said the statement 

  • Any organization that believes it might be a victim should reach out to CISA or to its local FBI field office

The Background: A September Wall Street Journal report said that the Chinese government had compromised a number of U.S. service providers in order to target sensitive information, including Verizon, AT&T and Lumen Technologies. The report linked the attacks to Salt Typhoon. 

While government agencies released a statement Oct. 25 acknowledging the unauthorized access to telecom giants, investigations have been ongoing and it’s clear that we don’t know the full extent of the compromise yet. Recently, for example, the Consumer Financial Protection Bureau issued a directive for staff to avoid using mobile calls and texts for work-related matters, highlighting that government agencies are worried about the scale of the attack.

What We Don’t Know:

  • Who was impacted? According to the government’s statement, “a limited number of individuals who are primarily involved in government or political activity” are impacted, but we don’t know more about the specific number and the roles that these individuals maintain within the government or political arena

  • When did the attacks start? In its initial September report on the attack, the Wall Street Journal said the hacks had started “in recent months.” However, we still don’t know the specific timeline, or other key details, of the incident

  • What’s next? This is the big question. The U.S. government over the past year has been pointing to cyberattacks by the Chinese government on U.S. entities, particularly on critical infrastructure organizations. But this latest attack truly reveals the unprecedented extent of access that Chinese threat actors have to sensitive U.S. government data. In the short term, the government is still working to figure out how the hack occurred, and the FBI said “we expect our understanding of these compromises to grow as the investigation continues.”