2024 United States telecommunications hack

On August 27, 2024, The Washington Post reported that two major internet service providers in the United States had been compromised by China. [1] AT&T, Verizon, Lumen Technologies, and T-Mobile were reported to have been affected by the Salt Typhoon advanced persistent threat linked to China's Ministry of State Security. [2] [3] [4]

It was later reported that Salt Typhoon affected at least nine telecommunications firms in the U.S. and had also affected dozens of other countries. [5] [6]

Initial access

The attackers exploited vulnerabilities in unpatched Fortinet and Cisco network devices and routers. They also gained access to a high-level network management account that wasn’t protected by multi-factor authentication. Hijacking router(s) inside AT&T's network then gave them access to over 100,000 routers from which further attacks could be launched. [7]

It is believed that the hackers had access to the networks for over a year before the intrusions were detected by threat researchers at Microsoft. [8]

Impact

On December 27, 2024, Anne Neuberger stated in a White House press conference that the total list of affected telecom companies now stood at 9, after a "hunting guide" that details how to identify this type of intrusion was distributed to "key telecom companies". [9]

Companies confirmed to have been breached in this attack are: [7]

Call records

A high priority for the attackers was records of phone calls made by people who work near Washington D.C. These records corresponded to over a million users and included: date and time stamps, source and destination IP addresses, phone numbers and unique phone identifiers. [7]

Wiretaps

The hackers obtained an almost complete list of phone numbers being wiretapped by the Justice Department's "lawful intercept" system. This system monitors people suspected of committing crimes or spying.

Officials said having this information would help China know which Chinese spies the United States has identified. [8]

Presidential election

In October, Donald Trump's campaign was notified that phones used by Trump and JD Vance, as well as those used by staff of the Kamala Harris 2024 presidential campaign, may have been affected by the hack. [10]

Response

In October 2024, The Washington Post reported that the U.S. federal government formed a multi-agency team to address the hack. [11] In December 2024, the U.S. moved to crack down on China Telecom's cloud operations in the U.S. in response to the hack. [12]

On December 4, 2024, CISA, the FBI, and cybersecurity agencies from New Zealand, Canada, and Australia jointly released a guide for hardening network infrastructure titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure. The agencies urged network engineers, particularly those at telecom companies, to implement the security best practices described therein. [13]

On December 10, Senator Ron Wyden released a draft of the Secure American Communications Act, a bill which would order the FCC to require telecoms to adhere to a list of security requirements and perform annual tests to check for vulnerabilities. [14]

On January 17, 2025, the U.S. Treasury Department sanctioned a Chinese cybersecurity company and a hacker, both with ties to the Ministry of State Security, for their alleged roles in the hack. [15]

References

  1. Menn, Joseph (August 27, 2024). "Chinese government hackers penetrate U.S. internet providers to spy". The Washington Post. Retrieved August 27, 2024.
  2. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (October 5, 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on October 5, 2024. Retrieved October 5, 2024.
  3. Volz, Dustin; Viswanatha, Aruna; FitzGerald, Drew; Krouse, Sarah (November 5, 2024). "China Hack Enabled Vast Spying on U.S. Officials, Likely Ensnaring Thousands of Contacts". The Wall Street Journal. Retrieved November 6, 2024.
  4. Krouse, Sarah; Volz, Dustin (November 15, 2024). "T-Mobile Hacked in Massive Chinese Breach of Telecom Networks". The Wall Street Journal. Retrieved November 15, 2024.
  5. Volz, Dustin (December 4, 2024). "Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. Official Says". The Wall Street Journal. Retrieved December 5, 2024.
  6. Tucker, Eric (December 27, 2024). "A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says". Associated Press. Retrieved December 27, 2024.
  7. Volz, Dustin; Viswanatha, Aruna; Krouse, Sarah; FitzGerald, Drew (January 4, 2025). "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons". The Wall Street Journal. Retrieved January 10, 2025.
  8. Sanger, David; Barnes, Julian; Barrett, Devlin; Goldman, Adam (November 22, 2024). "Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned". The New York Times. Retrieved January 10, 2025.
  9. "On-the-Record Press Gaggle by White House National Security Communications Advisor John Kirby". whitehouse.gov. White House. December 27, 2024. Retrieved January 10, 2025.
  10. Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Retrieved October 25, 2024.
  11. Nakashima, Ellen (October 11, 2024). "White House forms emergency team to deal with China espionage hack". The Washington Post. Retrieved October 12, 2024.
  12. Sanger, David E. (December 16, 2024). "Biden Administration Takes First Step to Retaliate Against China Over Hack". The New York Times. Archived from the original on December 17, 2024. Retrieved December 17, 2024.
  13. "Enhanced Visibility and Hardening Guidance for Communications Infrastructure". Cybersecurity & Infrastructure Security Agency. December 4, 2024. Retrieved January 11, 2025.
  14. "Wyden Releases Draft Legislation to Secure U.S. Phone Networks Following Salt Typhoon Hack". wyden.senate.gov. December 10, 2024. Retrieved January 11, 2025.
  15. "US Treasury Department imposes sanctions on Chinese company over Salt Typhoon hack". Reuters. January 17, 2025. Retrieved January 17, 2025.