China-linked telecom hacks target US officials' phones

 


The US FBI and Cybersecurity and Infrastructure Security Agency (CISA) are investigating a major cybersecurity breach reportedly linked to China, targeting the telecommunications infrastructure of multiple US companies.

In a statement, the FBI and CISA confirmed that they are “investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.” The agencies said the FBI initially detected suspicious activity targeting telecom companies and promptly notified and provided assistance to affected organizations.

The probe follows reports that devices used by prominent political figures, including Vice President Kamala Harris, former President Donald Trump, and Republican vice-presidential candidate JD Vance, may have been compromised.

According to a recent report from The New York Times, the China-affiliated hacking group, known as “Salt Typhoon,” had gained unauthorized access to systems of major telecom companies, such as Verizon, to potentially access data from devices connected to former President Trump, JD Vance, and people involved with Vice President Harris’ campaign. Sources told the Times that investigators are attempting to determine the scope of data exfiltrated from compromised phones.

CBS News and Reuters reported that devices belonging to other high-profile Democrats, including Senate Majority Leader Chuck Schumer, were allegedly breached by Salt Typhoon as well.

As of now, law enforcement is operating under the assumption that some hackers may still retain access to Verizon’s systems.

Last month, reports emerged that Salt Typhoon infiltrated several US Internet service providers (ISPs) in an effort to steal sensitive information. Salt Typhoon, aka FamousSparrow and GhostEmperor, first attracted attention in October 2021, following the discovery of a sophisticated cyber espionage campaign targeting Southeast Asia.

GhostEmperor’s campaign involved a rootkit called Demodex, which allowed the hackers to remain undetected while infiltrating high-profile organizations in countries like Malaysia, Thailand, Vietnam, and Indonesia. The group also reportedly targeted organizations as far afield as Egypt, Ethiopia, and Afghanistan.

