Federal Agency Bans Mobile Calls Amid Chinese Cyber Threat

Government agencies are reacting to Salt Typhoon broadband hacks

The Consumer Financial Protection Bureau (CFPB) just told their staff to stop using phones for work - no calls, no texts, nothing. They want everyone on Teams or WebEx instead. This is particularly interesting because government agencies don't drop blanket "don't use phones" directives unless something's seriously wrong.

The hack, which hit Verizon and AT&T, has Chinese intelligence fingerprints all over it. They're targeting senior U.S. officials, and while CFPB says they haven't been specifically targeted, they're not taking any chances. Other agencies are likely to follow suit - many U.S. officials are already getting phone-shy.

Why it matters: The CFPB's phone restrictions highlight how deeply the Chinese hack has rattled U.S. government operations and raise questions about the security of routine communications.

Key points:

  • CFPB staff ordered to avoid mobile calls and texts for work-related matters (Source: WSJ)

  • The hack has targeted senior national security officials and politicians across the U.S. government

  • Many U.S. officials have already reduced phone use due to security concerns

  • The order does not say so explicitly, but it aligns with recent concerns about Salt Typhoon activity.

  • As previously reported, Chinese hacking groups have conducted mass data collection on phone communications, including those of high-level U.S. officials.

Context: Salt Typhoon and Volt Typhoon are advanced persistent threat (APT) groups linked to Chinese state-sponsored cyber activities, each employing distinct tactics to infiltrate and compromise critical infrastructure.

  • Salt Typhoon has been active since at least 2020, focusing on cyber-espionage campaigns against targets in North America and Southeast Asia. The group is known for capturing network traffic and engaging in widespread data theft.

  • In September 2024, Salt Typhoon breached U.S. internet service provider networks, including those of AT&T, Verizon, and Lumen Technologies, accessing sensitive communications data from federal wiretapping systems.

  • Volt Typhoon has been active since at least mid-2021, primarily targeting U.S. critical infrastructure sectors such as communications, energy, transportation, and water systems. The group employs "living off the land" techniques, utilizing built-in network administration tools to perform their objectives and blending in with normal system and network activities to evade detection.

  • Volt Typhoon's activities are assessed as pre-positioning for potential disruptive or destructive cyber operations against U.S. critical infrastructure in the event of a major crisis or conflict.

  • FBI Director Wray is on record warning that Volt Typhoon has infiltrated Internet edge devices and is lying in wait.