A major telecommunications breach targeting AT&T and Verizon networks has been attributed to Salt Typhoon, a hacking group linked to China. The intrusion, described as the largest telecommunications hack in U.S. history, affected at least nine U.S. telecom and internet providers. The attack follows a series of telecommunications breaches that have prompted increased scrutiny of network security protocols.
The attackers accessed data from over a million users, including audio communications from senior government officials. The breach compromised cellphone lines used by numerous U.S. national security and policy officials, affecting individuals associated with both the Trump and Harris presidential campaigns. The incident represents a significant escalation from previous telecom breaches, such as the 2023 data breach that targeted call logs and user records.
The hackers exploited vulnerabilities in the telecommunications infrastructure, specifically targeting pathways that telecom companies use to transfer data between networks. These pathways frequently lack multifactor authentication, which facilitated the unauthorized access. In response to similar vulnerabilities, CISA has recently issued new mobile security guidelines emphasizing the importance of robust authentication measures and encryption protocols.
The intrusion also extended to wiretap surveillance systems at both AT&T and Verizon. According to investigators, the hackers maintained access to these systems for extended periods – approximately six months at one company and 18 months at another. While officials believe the hackers no longer have access to these systems, the extent of data transfer to China remains unclear. The breach has led to the FBI and NSA issuing new smartphone security guidelines specifically addressing vulnerabilities exposed by the Salt Typhoon attack.
In response to these breaches, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has implemented sanctions against several entities. These include Sichuan Juxinhe Network Technology, a China-based cybersecurity company allegedly linked to Salt Typhoon, and Yin Kecheng, a cyber actor in Shanghai associated with China’s Ministry of State Security. The involvement of state-affiliated actors matches established patterns of Chinese cyber operations targeting critical infrastructure.
The telecommunications breach occurred amid other significant cyber threats in 2024, including the exploitation of a Fortinet firewall vulnerability (CVE-2024-55591) and the emergence of an IoT botnet conducting large-scale DDoS attacks primarily targeting Japanese organizations. These incidents have accelerated the implementation of enhanced security measures, including biometric authentication requirements for telecommunications infrastructure in various countries.
Sources: TechCrunch, To Vima, LA Cyber, TechCrunch