Chinese hackers accessed the networks of several US broadband providers and obtained sensitive information from systems used for court-authorized wiretapping, according to a report by The Wall Street Journal.
The attack, believed to have been orchestrated by a Chinese state-sponsored group dubbed “Salt Typhoon,” targeted major US telecom companies including Verizon Communications, AT&T, and Lumen Technologies.
Under US federal law, telecommunications companies are required to allow authorities to intercept electronic communications under court order, and the affected systems are used to support domestic criminal and national security investigations.
The hackers reportedly gained access to network infrastructure that Verizon, AT&T, and Lumen use to cooperate with lawful US requests for communications data, and they also accessed other internet traffic.
Investigators are currently working to determine the full extent of the hackers' access, as well as whether any data was exfiltrated from the compromised systems. Preliminary findings suggest that Salt Typhoon may have collected vast amounts of internet traffic.
Salt Typhoon (aka GhostEmperor, FamousSparrow) has been active since 2020 and has primarily focused on espionage and data theft, particularly capturing network traffic. The group has a history of infiltrating high-profile targets, including hotels and government agencies worldwide, likely to gather intelligence for the Chinese government.
The threat actor has also been linked to cyberattacks outside the US, with reports suggesting that a small number of service providers in other countries may have been targeted in this latest campaign.
Earlier this year, US law enforcement disrupted another Chinese hacking operation known as “Flax Typhoon,” aka RedJuliett and Ethereal Panda, involving a botnet consisting of more than 200,000 consumer devices such as SOHO routers, IP cameras, DVRs, and network-attached storage (NAS) devices.