Recent reports confirm that telecommunications giants AT&T and Verizon have been breached as part of a significant espionage operation attributed to Chinese hackers. Both companies said that the intruders have now been expelled from their networks, following extensive remediation efforts.
The Chief Legal Officer of Verizon stated that there has been no detected malicious activity within their network for an extended period. In addressing the breach, he mentioned, “After considerable work addressing this incident, we can confirm that Verizon has contained the activities associated with this particular incident.” This statement reflects the company’s focus on cybersecurity resilience amidst growing threats.
AT&T echoed a similar sentiment. The company is working in coordination with law enforcement agencies and collaborating with other carriers to unravel the specifics of the breach. In their statement, AT&T acknowledged a limited number of attempts by the attackers to gather foreign intelligence, emphasizing that customer data was not significantly compromised during this incident.
“We detect no activity by nation-state actors in our networks at this time,” stated an AT&T spokesperson. The spokesperson further elaborated that the breach appeared to target “a small number of individuals of foreign intelligence interest,” indicating a highly focused approach by the adversaries.
T-Mobile also reported an intrusion related to the same hacking campaign, known as “Salt Typhoon,” in November. This attack involved breaches of the carrier’s routers, allowing hackers to explore lateral movement within the network. However, T-Mobile’s cybersecurity infrastructure effectively mitigated the attack after establishing the origin of the intrusion as a connected wireline provider’s network.
T-Mobile’s Chief Security Officer, Jeff Simon, assured that sensitive customer data remained secure throughout the incident, stating, “Bad actors had no access to sensitive customer data, including calls, voicemails, or texts.” This underscores the importance of robust cybersecurity measures in protecting consumer information in the face of rising threats.
Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies, added that this extensive hacking campaign has affected nine U.S. telecommunications firms. Additionally, she highlighted that the Chinese hackers had breached carriers across various countries, marking a worrying trend in global cybersecurity vulnerability.
In light of this incident, there are indications that the U.S. government may take stringent action, including potentially banning China Telecom’s remaining operations in the U.S. FCC Chairwoman Jessica Rosenworcel said that urgent measures will be taken to ensure U.S. carriers strengthen their networks against further intrusions. U.S. Senator Ron Wyden has also put forth a new bill aimed at enhancing the security of American telecom networks.
The hacking group behind these incidents, known as Salt Typhoon, has been operational since at least 2019. The group is known for targeting telecom companies and governmental entities across Southeast Asia, and its activity is associated with a variety of adversary tactics and techniques described in the MITRE ATT&CK framework. Techniques that may have been employed in this attack include initial access through exploitation of external remote services and persistence via backdoors, underscoring the need for organizations to bolster their proactive security measures against such sophisticated threats.