Chinese Hackers Breach US Telecoms, Access Wiretap Systems
A Chinese hacker group infiltrated the networks of American internet service providers, gaining access to systems used by the U.S. federal government for court-authorized wiretapping. The hackers may have remained undetected for several months.
Among the companies whose networks were breached are Verizon Communications, AT&T, and Lumen Technologies. The breach was carried out by Salt Typhoon, a group that specializes in cyber espionage. The primary goal of the attack was intelligence gathering. However, the cybercriminals also intercepted internet traffic, which included data from millions of Americans and businesses of various sizes. There are indications that the hackers targeted provider networks in other countries as well.
Security experts are still unable to determine exactly how much data the hackers managed to steal. U.S. authorities and private experts are continuing the investigation and trying to assess the full scope of the attack. It remains unclear whether systems used for foreign intelligence were affected.
In the United States, this breach is being regarded as a serious and troubling incident. U.S. government officials have long warned of Chinese espionage operations, including hacking attempts on vulnerable networks, such as those of power plants and airports. There are growing concerns that such attacks may be part of preparations for future cyberattacks capable of causing significant disruptions in the event of a conflict.
Investigators are currently examining whether the hackers gained access to Cisco routers, which are critical components of the network. Cisco representatives have so far stated that they have found no signs of their devices being compromised, but the investigation is ongoing. Microsoft and other cybersecurity companies are also analyzing what specific information the attackers may have stolen.
Salt Typhoon (also known as GhostEmperor and FamousSparrow) has been active since 2020, focusing on data theft and intelligence gathering, particularly the interception of internet traffic. Most of its targets are in North America and Southeast Asia. Other Chinese hacker groups, such as Flax Typhoon and Volt Typhoon, have already attempted to breach critical U.S. infrastructure and have been preparing for potential cyberattacks.