China-Linked Hackers Breached 8 US Telecom Companies, White House Says
Why does this keep on happening?
By Frank Fang for NTD (edited by TPR)
A top White House official said on Dec. 4 that Chinese state-sponsored hackers compromised at least eight U.S. telecommunication companies.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, provided an update on the Chinese threat actor group called “Salt Typhoon” during a press briefing on Wednesday. The threat group is believed to have hacked into the communications of senior U.S. government officials and prominent political figures, she said.
“We don’t believe any classified communications has been compromised,” Neuberger said.
The Chinese hacking appeared to target a relatively small group of Americans, she added, with only their phone calls and texts compromised. (Which likely means 10s or 100s of thousands of people. — TPR)
The telecommunications companies that were breached have responded, but none of them “have fully removed the Chinese actors from these networks,” according to Neuberger.
“So there is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps, the Chinese are likely to maintain their access,” Neuberger said.
In October, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the Chinese hacks, saying at the time that an investigation was underway.
In late November, Neuberger and White House national security adviser Jake Sullivan hosted telecommunications executives for a meeting to share intelligence and discuss how the U.S. government and the private sector could work together.
Neuberger said President Joe Biden has been briefed multiple times on the issue. The White House “has made it a priority for the federal government to do everything it can,” she added.
Additionally, Neuberger pointed to efforts to improve cybersecurity in multiple sectors, including rail and energy, after the 2021 ransomware attack on Colonial Pipeline.
Also at Wednesday’s press briefing, a senior administration official said Salt Typhoon’s activities started at least a year or two ago. Additionally, the official said a “couple dozen” countries have been impacted by the Chinese hacking.
The FBI and CISA issued a joint statement on Nov. 13, revealing that Chinese hackers had compromised the networks of multiple telecom companies and stolen customer call records and private communications from “a limited number of individuals who are primarily involved in government or political activity.” (Which, given the trustworthiness of the Feds, likely means 10s or 100s of thousands of people. — TPR)
On Tuesday, the FBI, the CISA, the National Security Agency (NSA), and international partners published a guide on best practices for protecting communication infrastructures.
CISA Executive Assistant Director for Cybersecurity Jeff Greene conceded on Tuesday that he didn’t have a timeline on when Chinese hackers could be purged from U.S. telecom networks.
“It would be impossible for us to predict when we’ll have full eviction,” Greene said at the time.
In September, the Justice Department announced that the FBI had taken down a botnet associated with “Flax Typhoon,” a threat group operating through the Beijing-based Integrity Technology Group. The botnet consisted of more than 200,000 consumer devices—such as network cameras, video recorders, and home and office routers—in the United States and elsewhere.
Another Chinese threat group, “Volt Typhoon,” began targeting a wide range of networks across U.S. critical infrastructure in 2021. The group, which was dismantled by a multi-agency operation in January, had maintained “access and footholds within some victim IT environments for at least five years,” according to CISA.
The feds have known about this for years, so why are we only hearing about their “attempts” to eliminate them now? They even admit they don’t know how long it will take to eradicate the threat!–TPR