A serious cyberattack attributed to Chinese hackers has compromised at least three major U.S. telecommunications companies, including Verizon, AT&T, and Lumen. The FBI and other federal agencies are investigating the breach, which raises significant concerns about national security and the integrity of critical communication infrastructure. According to U.S. officials, the hackers appear to be on a mission to gather intelligence on Chinese targets under U.S. surveillance.
Initial Findings and Investigative Process
The breach was initially reported by the *Wall Street Journal*, and U.S. officials have since confirmed that President Biden has been briefed on the ongoing situation. Investigators are still assessing the scale of the intrusion, and much remains unknown about the extent of the compromise. Given the sensitive nature of this incident, officials have chosen to remain anonymous and are withholding specific details.
As the Biden administration increasingly views China as a formidable strategic adversary, the timing of this breach complicates an already tense relationship. The U.S. and China are navigating a complex dynamic, balancing economic competition and military rivalry while striving to avoid outright conflict.
Objectives of the Attack
U.S. intelligence officials believe that one of the main objectives of the hackers was to access data related to lawful federal wiretap requests. Reports suggest that the hackers may have targeted systems designed to facilitate these requests, but they likely accessed a broader range of internet traffic as well. The attackers are linked to China’s Ministry of State Security (MSS), and Microsoft has named the group “Salt Typhoon.”
Brandon Wales, former executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, noted the potential ramifications of this breach, describing the situation as one with “potentially staggering” impacts.
Chinese Government Denial
In response to these allegations, Liu Pengyu, a spokesman for the Chinese Embassy in Washington, dismissed the claims as unfounded. He accused the U.S. intelligence community and cybersecurity firms of fabricating evidence to justify increased funding for their operations, asserting that China is also a victim of cyberattacks.
Uncertain Consequences
The full implications of the breach remain uncertain. It is not clear whether the hackers accessed sensitive lists of federal surveillance targets or intercepted any communications. Officials have yet to determine if the hacking activities are connected to national security cases or domestic criminal investigations.
Former intelligence officials warn that if Chinese hackers obtained intelligence on U.S. surveillance efforts, it could severely disrupt American intelligence operations, potentially allowing China to counteract U.S. efforts and mislead agencies with disinformation.
A History of Cyber Espionage
China’s history of targeting Western countries, particularly the U.S., is extensive. Over the years, Chinese hackers have been involved in stealing sensitive industrial and technological information while also seeking to understand the strategic intentions of U.S. policymakers. In addition to high-profile breaches, China has engaged in cyberattacks on critical infrastructure sectors, such as energy and transportation, likely as a means to prepare for potential conflicts.
Previous Major Incidents
This latest breach is reminiscent of previous high-profile hacking incidents, including Operation Aurora in 2010, which targeted Google and exposed sensitive surveillance data. More recently, a group associated with the Chinese military, dubbed “Volt Typhoon,” has infiltrated various critical U.S. entities, raising alarms about the security of American infrastructure.
Corporate Reactions and Security Concerns
In light of the Salt Typhoon breach, Verizon has established a dedicated incident response team at its facility in Ashburn, Virginia, working alongside experts from the FBI, Microsoft, and Google’s Mandiant. Reports indicate that the hackers managed to extract data by reconfiguring Cisco routers, highlighting a worrying gap in Verizon’s security measures.
While Verizon has refrained from commenting on the ongoing investigation, the breach underscores the vulnerabilities that exist within even the most secure telecommunications networks.
The Salt Typhoon operation is separate from the Volt Typhoon incidents, and current evidence does not suggest a coordinated effort between the two. However, the increasing frequency of Chinese cyberattacks poses a significant risk to U.S. infrastructure.