4 December 2024

Chinese hackers continue to target US telecom networks in prolonged spying campaign



US telecommunications companies are still working to root out state-sponsored Chinese hackers, known collectively as ‘Salt Typhoon,’ who infiltrated telecom networks in a spying campaign that started several months ago. US officials confirmed that the cyber espionage group has collected intelligence by compromising multiple telecom providers, with targets ranging from prominent government figures to select private individuals.

Among the hackers’ high-profile targets were phones belonging to President-elect Donald Trump and Vice President-elect JD Vance. Additionally, the attackers monitored communications from what the FBI described as a “limited number” of individuals in government and politics. The full scope of the breach remains unclear due to the varied methods Salt Typhoon used to infiltrate these networks and the broad range of their objectives.

Initial media reports suggested the hackers were focused on exploiting the Communications Assistance to Law Enforcement Act (CALEA), a legal framework enabling law enforcement wiretaps. However, officials clarified that CALEA was just one of several systems targeted.

Salt Typhoon reportedly harvested large amounts of metadata from phone calls and text messages, sweeping up information on call times, durations, and contacts. For a smaller subset of individuals, including US government officials, the group extracted content from calls and text messages.

Cybersecurity agencies from the Five Eyes alliance, comprising the US, UK, Canada, Australia, and New Zealand, released joint guidance on countering Chinese advanced persistent threats (APTs) targeting telecom networks.

The guidance provides best practices for network engineers and security teams, emphasizing enhanced visibility, better defense mechanisms for network devices, and strategic hardening of infrastructure against intrusions.
