China-affiliated hackers have compromised US officials’ data through a large-scale hack on telecommunications providers, according to the US government.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on November 13 in which they shared more details on what they called “a broad and significant cyber espionage campaign.”
They confirmed that Chinese hackers have managed to steal customer call records data, compromise private communications of a limited number of people involved in government or political activity and copy information subject to US law enforcement requests under court orders.
This statement comes two weeks after the FBI and CISA started investigating the unauthorized access to commercial telecommunications infrastructure by Chinese threat actors.
Large-Scale Telecom Hack Leading to Compromise of US Officials
While US government agencies did not provide further attribution for this campaign, several US media outlets, including The Washington Post and the Wall Street Journal, reported in August and September that a hacking group known as Salt Typhoon was the main culprit.
These reports also revealed that targets included Verizon, AT&T and Lumen Technologies.
In October, Donald Trump’s presidential campaign was informed that the phones of both Trump and Vice-President-elect JD Vance, along with those of staff members from Kamala Harris’s 2024 presidential campaign, may have been compromised in the hack.
The US federal government formed a multi-agency team to address the hack.
A concurrent espionage and data theft campaign originating from Chinese state-sponsored threat actors has been targeting Canadian government officials.
Salt Typhoon Allegedly Responsible
Salt Typhoon is a cyber espionage group linked to China’s Ministry of State Security (MSS), which has been active since at least 2020.
Also known as FamousSparrow, GhostEmperor, Earth Estries and UNC2286, Salt Typhoon primarily engages in intelligence-gathering operations.
Its targets are mainly in North America and Southeast Asia, and the group has shown a preference for infiltrating telecom companies, government agencies, and critical infrastructure providers.