7 October 2024

Chinese hackers reportedly compromise US court wiretap systems



Chinese hackers accessed the networks of several US broadband providers and obtained sensitive information from systems used for court-authorized wiretapping, according to a report by The Wall Street Journal.

The attack, believed to have been orchestrated by a Chinese state-sponsored group dubbed “Salt Typhoon,” targeted major US telecom companies including Verizon Communications, AT&T, and Lumen Technologies.

Under US federal law, telecommunications companies are required to allow authorities to intercept electronic communications under court order, and the affected systems are used to support domestic criminal and national security investigations.

The hackers reportedly gained access to network infrastructure used by Verizon, AT&T, and Lumen to cooperate with lawful US requests for communications data, and also accessed other internet traffic.

Investigators are currently working to determine the full extent of the hackers' access, as well as whether any data was exfiltrated from the compromised systems. Preliminary findings suggest that Salt Typhoon may have collected vast amounts of internet traffic.

Salt Typhoon (aka GhostEmperor, FamousSparrow) has been active since 2020 and has primarily focused on espionage and data theft, particularly capturing network traffic. The group has a history of infiltrating high-profile targets, including hotels and government agencies worldwide, likely to gather intelligence for the Chinese government.

The threat actor has also been linked to cyberattacks outside the US, with reports suggesting that a small number of service providers in other countries may have been targeted in this latest campaign.

Earlier this year, US law enforcement disrupted another Chinese hacking operation known as “Flax Typhoon,” aka RedJuliett and Ethereal Panda, involving a botnet consisting of more than 200,000 consumer devices such as SOHO routers, IP cameras, DVRs, and network-attached storage (NAS) devices.

