U.S. Government confirms “a broad and significant cyber espionage campaign” against telecommunications providers by PRC affiliates

On 13 November 2024, the U.S. government, through a statement released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), attributed the recent “Salt Typhoon” cyber espionage campaign to Chinese state-sponsored hackers. This campaign targeted major U.S. telecommunications providers, including AT&T, Verizon, and Lumen Technologies, compromising systems used for court-ordered wiretapping and accessing sensitive communications.

In the statement, the agencies identified, “PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.”

This official attribution follows a October 25 statement by the agencies announcing that they had discovered the malicious activities targeting the wire tapping systems operated by the telecommunications sector and that support was being provided to impacted entities.

The Salt Typhoon attack is likely to further strain U.S.-China relations, highlighting ongoing cybersecurity tensions and mistrust. The incoming Trump administration is likely to respond with increased sanctions and aggressive cybersecurity measures, emphasizing a hardline stance against Chinese cyber activities.