5 Things To Know On The China-Linked ISP Hack

U.S. agencies disclosed that some government officials saw their communications compromised in connection with a major telecom hacking operation tied to the Chinese government.

U.S. agencies have disclosed that some government officials saw their communications compromised in connection with a major hacking operation that targeted internet service providers and has been linked to the Chinese government.

The statement released Wednesday by the FBI and CISA (Cybersecurity and Infrastructure Security Agency) also confirmed some previously reported details about the China-linked hack.

“The US government's continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign,” the agencies said in the joint statement.

What follows are five things to know about the China-linked ISP hack.

Multiple Telecoms Compromised

In the statement, the FBI and CISA said they have “identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies.”

The impacted telecoms were not identified.

In October, the Wall Street Journal reported that a China-linked hacking campaign had compromised Verizon, AT&T and Lumen Technologies. The operation was carried out by a group tracked as Salt Typhoon.

CRN has reached out to Verizon, AT&T and Lumen Technologies for comment.

Call, Wiretap Records Exposed

According to the FBI and CISA, the China-linked telecom hack compromised data, including data from customer call records.

The campaign also involved “the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the statement said.

The statement appears to confirm previous reporting from the WSJ, which indicated that the China-linked hackers may have been targeting federally used wiretapping systems, with the aim of accessing data that federal agencies had intercepted through court-approved surveillance.

‘Limited’ Number Of Officials Impacted

Notably, the statement from the FBI and CISA pointed to an impact upon government officials in connection with the China-linked ISP hack.

The campaign’s activities included “the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity,” the statement said.

In October, media outlets including the New York Times and WSJ reported that the Salt Typhoon attacks had targeted the campaigns of both of the then-candidates for president, Donald Trump and Kamala Harris, as well as the Republican vice presidential nominee, Sen. JD Vance.

Hack Timeframe

According to the WSJ’s report in September, the Salt Typhoon cyberattack campaign had targeted ISPs in the U.S. “in recent months,” with the threat actors seeking to obtain sensitive data.

The statement from the FBI and CISA did not specify when the campaign began or how long it lasted.

Previous WSJ reporting suggested the hacks had spanned at least several months.

Salt Typhoon’s Activities

Salt Typhoon has been carrying out attacks since 2020, primarily focused on data theft and espionage, according to Microsoft research cited in the WSJ report in October.

The group’s targets are mainly based in North America and Southeast Asia, Microsoft has found, according to the report.

Other security researchers have referred to the group under the names FamousSparrow and GhostEmperor.