In a recent cybersecurity breach, hackers connected to the Chinese government infiltrated the networks of several major US-based Internet service providers, potentially compromising systems used for government-authorized wiretaps.
The Wall Street Journal (WSJ) and The Washington Post recently reported on the attack, which involves prominent companies like Verizon, AT&T, and Lumen (formerly CenturyLink).
The Wall Street Journal cited “people familiar with the matter,” stating that the cyberattack, attributed to a Chinese hacking group called Salt Typhoon, compromised the networks of US broadband providers. These intrusions may have provided the hackers access to systems handling court-authorized wiretap requests. According to the WSJ, “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful US requests for communications data.”
Beyond wiretap systems, the hackers also gained access to broader internet traffic, though the full scope of the breach remains under investigation. The Washington Post described the hacking campaign as an “audacious espionage operation” with the suspected objective of uncovering Chinese targets of American surveillance. US officials have noted that the breach is in its early investigative stages, with the FBI, intelligence agencies, and the Department of Homeland Security all involved.
Verizon, one of the affected providers, has reportedly established a war room at its Ashburn, Virginia facility, where it is working with the FBI, Microsoft, and Google’s subsidiary Mandiant to address the situation. According to The Washington Post, the hackers managed to exfiltrate data from Verizon’s networks by reconfiguring Cisco routers, demonstrating a high level of sophistication. However, the breach also raises concerns about Verizon’s security measures.
According to a US security official, the possibility that US wiretapping systems were compromised is not yet confirmed, though there are “some indications” that such systems were targeted. The Washington Post also noted that President Joe Biden has been briefed on the situation. Still, it remains unclear what information, if any, the hackers might have obtained regarding federal surveillance targets or their communications.
While the US intelligence community continues to investigate, officials have not yet determined whether the hackers accessed information related to domestic criminal investigations or national security matters, such as espionage or terrorism.
Companies involved, including AT&T and Lumen, have so far declined to comment.
The Chinese Embassy in Washington responded by accusing the US intelligence community and cybersecurity firms of “secretly collaborating to piece together false evidence and spread disinformation” about China’s involvement in such attacks.
The Salt Typhoon campaign has been partially reported before, with some details emerging in late September; however, details regarding the involvement of Internet service providers and wiretap systems were only recently disclosed.