Chinese hackers access US telecom firms, worrying national security officials
A highly skilled group of Chinese government-linked hackers has in the last several months infiltrated multiple US telecommunications firms in a likely search for sensitive information bearing on national security, multiple sources briefed on the matter told CNN.
US investigators believe the hackers potentially accessed wiretap warrant requests, two of the sources said, but officials are still working to determine what information the hackers may have obtained. US broadband and internet providers AT&T, Verizon and Lumen are among the targets, the sources said.
US officials are concerned about the potential national security damage done by the hacking, which they only recently discovered. It’s the latest sophisticated hack targeting US federal agencies that investigators have linked to China, and it comes amid tensions between Washington and Beijing over cyber-espionage and other high-stakes national security issues.
As the backbone of internet and phone communications, US telecom firms hold enormous volumes of caller and user data. US law enforcement agencies request access, through a warrant, to specific portions of that data as part of criminal and national security investigations.
Some of those investigations would be of keen interest to Beijing. The US government has in recent years brought charges against Chinese government agents for allegedly harassing Chinese nationals on US soil and for hacking political dissidents and American companies.
AT&T and Lumen declined to comment. Verizon did not respond to multiple requests for comment.
The Justice Department and the FBI declined to comment.
The Chinese Embassy in Washington, DC, denied that Beijing-backed hackers had breached US telecom firms, calling that information “a distortion of the fact.” Embassy spokesperson Liu Pengyu accused the US of “politicizing cybersecurity issues to smear China.”
The Wall Street Journal first reported on the hacking activity.
US officials have briefed the House and Senate intelligence committees on the Chinese hacking campaign, two sources said. Cybersecurity experts from Microsoft and Google-owned firm Mandiant have been helping to investigate the hacking activity.
People probing the hacks have been struck by the hackers’ skill, persistence and ability to burrow into computer networks, the sources briefed on the matter said. The Chinese hacking team in question is known in the cybersecurity industry as Salt Typhoon.
“We track Salt Typhoon and have seen activity consistent with public news reports,” a Microsoft spokesperson told CNN. “When we see nation state activity, we provide customers with information to investigate as appropriate.”
Yet the Chinese government has an array of other hacking teams at its disposal that can conduct espionage or disrupt computer networks, according to US officials and private experts. FBI Director Christopher Wray has said that Chinese government-backed hackers outnumber FBI cyber personnel 50 to 1.
Another Chinese government-backed hacking group has been lurking in US transportation and communication networks, waiting to use that access to disrupt any US response to a potential Chinese invasion of Taiwan, US officials have alleged.
Yet another Chinese group broke into the unclassified email accounts of senior US diplomats last year on the eve of a high-profile visit by Secretary of State Antony Blinken to China, CNN reported.
Seeking to sway public opinion in the face of detailed US government allegations, China has increasingly accused the US government of conducting cyberattacks against Chinese organizations.
Hacking and information operations are a regular point of contention in bilateral meetings. Chinese leader Xi Jinping told US President Joe Biden that China would not interfere in the 2024 presidential election when the two men met in California last year, CNN previously reported.
For more CNN news and newsletters create an account at CNN.com