“We understood that several dozen countries had been affected”: Anne Neuberger, US National Security Advisor for Cybersecurity, announced on December 4 that the recently publicized hacking of US telecom companies actually had much greater repercussions. In the United States, eight major telecom players are affected, including AT&T, T-Mobile, Lumen Technologies and Verizon.
Trump and Harris campaign teams targeted
Shortly before the US presidential election, the FBI and the US cybersecurity agency, CISA, said that Chinese hackers had targeted several telecom providers. In particular, they intercepted the communications of certain officials from the campaign teams of Kamala Harris and Donald Trump. Behind these large-scale attacks is the Salt Typhoon hacker group, suspected of being affiliated with the Chinese state.
According to the Wall Street Journal, Salt Typhoon cybercriminals had already infiltrated AT&T, Verizon and Lumen several months earlier. Their goal? To obtain information from systems used by the government to carry out court-authorized wiretaps. They may also have had access to the names of Chinese targets under American surveillance.
A spy campaign “in progress, probably for one to two years”
In its press briefing yesterday, the White House provided details on the extent of this cyberattack. It revealed that this campaign also targeted telecom operators in Europe and the Indo-Pacific region. It added that “Chinese access was broad in terms of potential for American communications” but that the campaign only targeted “certain senior government and political officials”. The authorities further believe that “classified communications have not been compromised”. Politico reports that 80 telecom operators are affected worldwide.
The White House also confirmed that this campaign was “in progress, probably for one to two years”, which means that the Chinese cybercriminals have not been eliminated from the systems of telecom operators. At the same time, CISA claimed that the hackers had broken into the systems “by exploiting existing infrastructure weaknesses”, and that it had not set a timetable for when telecom operators will chase the cybercriminals from their networks.
Cybersecurity practices of telecom operators called into question
“If companies had minimal practices in place, it would make accessing and maintaining access much riskier, more difficult and more expensive for the Chinese”, the White House argues. It notably mentions keeping patches up to date, an architecture to monitor unusual behavior and the management of administrator accounts with multi-factor authentication.
The FBI and CISA, in partnership with the NSA, nevertheless issued emergency directives to telecom companies yesterday. These include basic recommendations, such as keeping logs of network activity, maintaining an inventory of all devices, or changing default passwords. Jeff Greene, CISA's deputy director for cybersecurity, also advised Americans to use encrypted messaging apps.