{"id":850,"date":"2024-11-14T12:27:48","date_gmt":"2024-11-14T12:27:48","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=850"},"modified":"2024-11-14T12:27:48","modified_gmt":"2024-11-14T12:27:48","slug":"us-says-china-conducted-massive-espionage-through-breached-telcos","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=850","title":{"rendered":"US says China conducted massive espionage through breached telcos"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Multiple US telecommunications companies were hacked into by a People\u2019s Republic of China (PRC)-backed threat actor to carry out a full-blown cyber-espionage attack, according to a joint FBI and CISA statement issued on Wednesday.<\/p>\n

During what the FBI is calling a \u201cbroad and significant cyber espionage campaign,\u201d the threat actors used compromised networks within these companies to steal customer call records data.<\/p>\n

The offense included theft of \u201cprivate communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders,\u201d the statement<\/a> added.<\/p>\n

The statement is in line with a recent report by WSJ in October, which said a China-backed threat actor, tracked by Microsoft as Salt Typhoon, has hacked into<\/a> US internet service provider (ISP) networks to steal sensitive US data and establish persistence.<\/p>\n

Queries sent to CISA for further details on the investigation did not elicit a response until the publishing of this article.<\/p>\n

Affected telcos likely include AT&T, Verizon<\/h2>\n

While the FBI held out on more technical details of the investigation, adding \u201cour understanding of these compromises to grow as the investigation continues,\u201d WSJ had reported<\/a> that three leading US broadband providers \u2014 AT&T, Lumen Technologies, and Verizon Communications \u2014 may have been affected. \u00a0<\/p>\n

The campaign targeted sensitive US surveillance systems that are used to comply with court-authorized wiretappings that the companies in question have to provide to the FBI and other agencies for criminal and national security investigations.<\/p>\n

The hackers may have also targeted<\/a> the phones of President-elect Donald Trump and running mate JD Vance.\u00a0<\/p>\n

Days before the official joint statement on Wednesday, several House committees including, the Energy and Commerce, Homeland Security, Intelligence, and Judiciary panels, reportedly<\/a> received briefings on the campaign.<\/p>\n

The initial reporting of the Salt Typhoon campaign had sent investigators looking for signs of compromise in Cisco Systems routers, as they are the core network components that route much of the traffic on the internet.<\/p>\n

A Cisco spokesperson, however, had said<\/a> that a preliminary investigation revealed no such intrusions. Other key TTPs used by China-backed actors include infecting ISPs through zero-days<\/a>, as in the case of China\u2019s Volt Typhoon, warned against by CISA<\/a> using Fortinet bugs in espionage campaigns before its takedown<\/a> by law enforcement in January.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Multiple US telecommunications companies were hacked into by a People\u2019s Republic of China (PRC)-backed threat actor to carry out a full-blown cyber-espionage attack, according to a joint FBI and CISA statement issued on Wednesday. During what the FBI is calling a \u201cbroad and significant cyber espionage campaign,\u201d the threat actors used compromised networks within these […]<\/p>\n","protected":false},"author":0,"featured_media":851,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-850","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/850"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=850"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/850\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/851"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}