Feds Identify Ninth Telecom Target in Salt Typhoon Cyberattack


Chinese Hackers Maintain Extensive Access to U.S. Telecommunications Systems


U.S. officials have confirmed that a ninth telecommunications company has fallen victim to a series of cyberattacks orchestrated by Chinese threat actors linked to the Salt Typhoon campaign. These attackers have infiltrated critical communications systems, specifically aiming to extract sensitive information from high-level government and political figures.

The group, associated with Beijing’s intelligence operations, has reportedly maintained “broad and full” access to key telecommunications infrastructures across the United States. Their objectives include stealing customer call records and accessing sensitive law enforcement data. Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technologies, underscored that this advanced persistent threat group also successfully infiltrated systems used for authorized wiretaps, targeting notable political figures, including President-elect Donald Trump and Vice President-elect JD Vance.

Neuberger indicated that the hackers could potentially geolocate millions of Americans via their mobile devices, though their primary focus remains a select group of government and politically affiliated individuals located primarily in the Washington, D.C. area. She highlighted that the sophistication of the hacking techniques enabled attackers to erase their digital footprints, complicating the ability to assess the full scope and impact of the breach.

Investigations initiated by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI earlier this year revealed that targeted companies included major broadband providers such as Verizon Communications, AT&T, and Lumen Technologies. Experts have warned that the Salt Typhoon group, which has been operational since August 2019, continues to pose a significant threat to U.S. telecommunications infrastructure.

The alarming ease with which hackers accessed vulnerable networks, as evidenced by the breach of over 100,000 routers due to a single unsecured administrator account, has led Neuberger to call for heightened cybersecurity measures within telecom companies. While officials have opted not to disclose the identities of the affected firms or individuals, the potential for sensitive campaign communications to have been compromised remains a concerning possibility.

Neuberger emphasized the reality of China’s ongoing targeting of critical U.S. infrastructure. Despite the awareness of the threat, many private sector companies continue to neglect basic cybersecurity practices that could mitigate exposure.

In response to the situation, the federal government is expected to announce further measures next month aimed at holding the Chinese government accountable for this unprecedented intrusion into U.S. telecommunications. The Federal Communications Commission is poised to vote in January on a declaratory ruling designed to enhance cybersecurity protections for vital infrastructure, while the General Services Administration evaluates federal contracts to bolster cybersecurity across government systems.

Additionally, President Joe Biden recently authorized an annual defense budget allocating $3 billion to facilitate the replacement of Chinese-manufactured telecom equipment among smaller and rural carriers. The FCC’s Secure and Trusted Communications Networks Reimbursement Program, originally launched in 2020 with an investment of $1.9 billion, is facing challenges, as experts estimate a $3 billion funding gap to effectively neutralize the persistent threat posed by foreign-powered cyberattacks.

This incident underscores the need for heightened vigilance and robust cybersecurity practices within the telecommunications sector, particularly given the increasing sophistication of threats associated with nation-state actors like those linked to Salt Typhoon. As businesses assess their digital defenses, understanding the tactics and techniques catalogued in the MITRE ATT&CK framework, such as initial access, persistence, and privilege escalation, will be crucial in fortifying their cybersecurity strategies against such formidable adversaries.
