{"id":819,"date":"2024-11-08T10:10:14","date_gmt":"2024-11-08T10:10:14","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=819"},"modified":"2024-11-08T10:10:14","modified_gmt":"2024-11-08T10:10:14","slug":"us-consumer-protection-agency-bans-employee-mobile-calls-amid-chinese-hack-fears","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=819","title":{"rendered":"US consumer protection agency bans employee mobile calls amid Chinese hack fears"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The US Consumer Financial Protection Bureau (CFPB) has issued an urgent directive barring employees and contractors from using mobile phones for work-related calls, following a major breach in US telecommunications infrastructure attributed to Chinese-linked hackers.<\/p>\n

According to an internal memo, CFPB\u2019s chief information officer advised staff to move sensitive discussions to secure platforms like Microsoft Teams and Cisco WebEx, reported the Wall Street Journal<\/a> (WSJ).<\/p>\n

Directive follows \u2018Salt Typhoon\u2019 attack on telecom infrastructure<\/h2>\n

The warning, prompted by fears of eavesdropping and data theft, follows what officials describe as an extensive espionage campaign believed to be carried out by a Chinese-linked hacking group, Salt Typhoon.<\/p>\n

This group is reported to have gained unauthorized access<\/a> to major US telecommunications infrastructure, including data from Verizon and AT&T, compromising the privacy of potentially thousands of Americans.<\/p>\n

\u201cDo NOT conduct CFPB work using mobile voice calls or text messages,\u201d the report said quoting the directive, urging employees to refrain from using both personal and work-issued phones for any discussions involving sensitive or non-public information.<\/p>\n

CFPB\u2019s chief information officer emphasized in the email that, while there is no indication that CFPB itself was directly targeted, the directive is a proactive measure to reduce risks.<\/p>\n

\u201cWhile there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,\u201d the email sent to all CFPB employees and contractors read.<\/p>\n

Data access raises alarm over espionage targets<\/h2>\n

Salt Typhoon\u2019s infiltration reportedly gave them access to extensive data, including call logs, unencrypted text messages, and even audio recordings of high-profile individuals connected to national security and political campaigns, including members of the Trump and Harris presidential campaigns, according to WSJ.<\/p>\n

\u201cSalt Typhoon\u2019s access to call logs, unencrypted texts, and audio communications poses a severe threat to national security. Such data can reveal sensitive information about government operations, defense strategies, and intelligence activities,\u201d said Arjun Chauhan, senior analyst at Everest Group. \u201cFor individuals in sensitive roles, this breach compromises personal security, exposes confidential communications, and increases the risk of coercion or blackmail.\u201d<\/p>\n

While US agencies regularly remind employees of cybersecurity best practices, the specificity of the CFPB\u2019s directive reflects heightened government concerns about the nature and scope of this particular breach.<\/p>\n

\u201cSeveral government officials, wary of these vulnerabilities, have already limited their cellphone use,\u201d the report quoted a former official, noting that this caution stems from an awareness that hackers can scoop up sensitive interactions with senior officials and policymakers.<\/p>\n

In September this year<\/a>, the same threat actor, Salt Typhoon, had allegedly hacked US ISPs for cyber espionage.<\/p>\n

Federal cybersecurity on high alert<\/h2>\n

The Cybersecurity and Infrastructure Security Agency (CISA), the federal body responsible for guiding cybersecurity policy across US civilian agencies, has yet to issue an official response to the attack. However, the scale of this breach has prompted discussions on reevaluating mobile communication policies within federal agencies.<\/p>\n

A query to CISA remains unanswered.<\/p>\n

\u201cBeyond restricting mobile device use, agencies should implement end-to-end encryptions for all communications to prevent unauthorized access,\u201d Everest Group\u2019s Chauhan added. \u201cRegular security audits and updates of telecom infrastructure are essential to identify and patch vulnerabilities. Training employees on recognizing phishing attempts and secure communication practices can further reduce risks.\u201d<\/p>\n

Besides, establishing incident response protocols ensures swift action in case of a breach, minimizing potential damage,\u201d Chauhan noted.<\/p>\n

The CFPB\u2019s directive underscores the need for secure communication channels within the US government amid increasing risks from foreign adversaries. The full extent of the breach and the details of any other compromised agencies remain under investigation, with federal agencies, particularly those in national security, expected to tighten communication protocols to safeguard against similar threats.<\/p>\n

As investigators continue to assess the impact of Salt Typhoon\u2019s attack, this incident serves as a stark reminder of the importance of stringent cybersecurity protocols to protect sensitive information from sophisticated espionage efforts.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The US Consumer Financial Protection Bureau (CFPB) has issued an urgent directive barring employees and contractors from using mobile phones for work-related calls, following a major breach in US telecommunications infrastructure attributed to Chinese-linked hackers. According to an internal memo, CFPB\u2019s chief information officer advised staff to move sensitive discussions to secure platforms like Microsoft […]<\/p>\n","protected":false},"author":0,"featured_media":820,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-819","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/819"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=819"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/819\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/820"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=819"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=819"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}