Chinese Hackers Breach US Telecoms, Accessing Government Officials’ Communications
CISA and the FBI have confirmed that Chinese hackers gained access to the “private communications” of certain U.S. government officials following breaches of several major American telecommunications companies. The agencies said the hackers accessed the “private communications of a limited group of individuals,” primarily associated with governmental or political activities.
Moreover, it was revealed that the hackers infiltrated U.S. federal systems used to execute court-ordered network traffic intercepts. Reports indicate that the intruders maintained access to these networks for several months, allowing them to amass substantial volumes of internet traffic traversing providers serving both large corporations and millions of ordinary users.
The perpetrators exploited their access to telecom networks to retrieve call data from devices used by Donald Trump, J.D. Vance, Kamala Harris, and other high-ranking officials across both political parties. Salt Typhoon managed to obtain Call Detail Records, which include detailed information on who communicated, when, for how long, and where calls were made.
In early October, initial reports emerged about breaches impacting the infrastructure of leading telecom operators such as Verizon, AT&T, and Lumen Technologies, along with some operators from allied countries. These attacks have been attributed to the Chinese cyber-espionage group Salt Typhoon, as identified by Microsoft.
Sources familiar with the investigation disclosed that the hackers were able to intercept phone calls and text messages, including those of senior officials responsible for U.S. national security and policy matters.
Following the disclosure of the attack, the U.S. Department of Homeland Security imposed stringent restrictions on staff communications, while the U.S. Consumer Financial Protection Bureau prohibited the use of phones for official communications. The agency later gave assurances that its information systems had not been compromised by the hackers.
Salt Typhoon (also known as GhostEmperor and FamousSparrow) has been active since 2020, specializing in data theft and intelligence-gathering, with a focus on intercepting internet traffic. Most of its targets are located in North America and Southeast Asia. Other Chinese hacker groups, such as Flax Typhoon and Volt Typhoon, have also attempted to infiltrate U.S. critical infrastructure in preparation for potential cyberattacks.