Feds find ‘broad and significant’ China espionage campaign in US telecom networks

Dive Brief:

• A string of China-linked attacks on U.S. telecom networks are part of a “broad and significant cyber espionage campaign,” federal officials said Wednesday.
• The China-affiliated attackers compromised multiple telecommunications networks to steal call records and court-ordered information related to U.S. law enforcement requests.
• The widespread compromise included “private communications of a limited number of individuals who are primarily involved in government or political activity,” the FBI and Cybersecurity and Infrastructure Security Agency said in a joint statement.

Dive Insight:

The agencies launched an investigation into the attacks in late October, in the wake of reports that hackers affiliated with China targeted senior U.S. elected officials and candidates. 

The agencies’ brief update early into their probe of the malicious activities suggests the scale of the campaign and potential risk are wider than previously reported. 

The Federal Communications Commission, which regulates the telecommunications industry, declined to comment. The agency took an active role in enforcing cybersecurity and data protection in the sector this year, by expanding cooperation with state attorneys general and instituting new data breach reporting rules.

Intrusions by the state-sponsored threat group are part of an extensive effort to maneuver in preparation for future attacks, federal authorities warned earlier this year. “We expect our understanding of these compromises to grow as the investigation continues,” the agencies said.

Lawmakers quickly responded to the attacks last month after The Wall Street Journal reported a widespread espionage campaign linked to Salt Typhoon, a threat group affiliated with China’s government. A bipartisan group of lawmakers on the House Energy and Commerce Committee and the Communications and Technology Subcommittee sought details about the scope of the attacks and what information the group accessed.

In February, the Five Eyes warned that the China-affiliated group known as Volt Typhoon embedded into numerous transportation, energy, communications, and water and wastewater systems. In September, the FBI disrupted a massive botnet linked to another China-linked threat group known as Flax Typhoon.