The worst telecommunications hack in US history: The attacks by the Chinese cyber group “Salt Typhoon” probably began years ago

U.S. intelligence sources indicate that Chinese government-sponsored hackers have been secretly lurking on aging routers and switches for years.

There are an estimated 128,000 telecommunications companies in the United States serving hundreds of millions of subscribers. U.S. intelligence sources and officials indicate that Chinese government-sponsored hackers have been secretly lurking on the aging routers and switches that connect this vast network for more than four years.

Senate Intelligence Committee Chairman Mark Warner called it “the worst telecommunications hack in our country’s history,” dwarfing the impact of the Colonial Pipeline, OPM and SolarWinds attacks.

The threat has been active since 2020, and the Salt Typhoon group goes by three other names: Ghost Emperor, Famous Sparrow and UNC2286. The different names exist because each cybersecurity company assigned the actor its own label; they all refer to the same threat.

The latest breach compromised major U.S. telecommunications providers AT&T, Verizon, T-Mobile and at least five others, providing access to live phone calls, confidential communications and law enforcement surveillance data.

“This makes previous cyberattacks seem like child’s play,” Warner said in an urgent statement ahead of Thanksgiving, emphasizing the seriousness of the breach and its impact on national security.

The Salt Typhoon Onset: What We Know

Salt Typhoon, which first came to public attention in October, is a sophisticated cyber espionage campaign exploiting decades-old vulnerabilities in the backbone of America’s communications infrastructure.

The attackers were able to:

  • Monitor live phone calls: Gain access to cell phone and data networks, enabling real-time listening.
  • Collect sensitive data: Collect private communications, including those of people involved in government or political activities.
  • Compromise law enforcement systems: Access systems that log U.S. law enforcement requests for criminal wiretaps, potentially informing Chinese intelligence agencies about American investigative targets.

Warner emphasized the extent of the damage and the challenge of eliminating the threat, describing the network infiltration as so extensive that completely eliminating the hackers could require replacing “literally thousands and thousands of devices across the country.”

A critical cybersecurity crisis

Federal agencies, including the FBI, CISA and NSA, responded Tuesday with an urgent advisory detailing steps for telecommunications providers to secure their systems.

Recommendations include patching vulnerabilities, securing network devices, and implementing strict monitoring practices.

The agencies and their international partners also released a joint guidance document, “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” that provides telecommunications companies with best practices to protect themselves from Salt Typhoon, which also threatened the networks of many major global telecommunications providers.

“PRC-related cyber activity poses a serious threat to critical infrastructure, government agencies and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said Jeff Greene, deputy director of cybersecurity at CISA.

Greene also said, “Together with our U.S. and international partners, we encourage software manufacturers to integrate Secure by Design principles into their development lifecycle to strengthen their customers’ security postures and put their principles into practice.”

But despite these efforts, officials warn that the compromised networks remain at risk, underscoring the need for a major overhaul of telecommunications infrastructure.

“This is not just a breach of a company or a system – it is a breach of our national security,” Warner stressed, urging Americans to recognize the seriousness of the espionage campaign.

At a congressional briefing earlier this week, three categories of targets were described, including:

  1. An undisclosed number of victims, primarily in the D.C. area, whose call records were stolen from telecommunications companies.
  2. The private communications of 100-150 political or government-related people are said to have been monitored in real time.
  3. The Chinese hackers also accessed and copied U.S. court orders, which FBI officials said were obtained through the Communications Assistance for Law Enforcement Act (CALEA) program.

What can telecom customers do?

Based on information provided by US authorities, individual customers can take steps to protect their data and devices from further exploitation. Federal authorities recommend the following measures:

  1. Update devices regularly: Make sure all personal devices, including smartphones and home routers, are updated with the latest firmware and security patches to address known vulnerabilities.
  2. Secure your home network: Change default usernames and passwords on routers. Use strong, unique passwords, enable WPA3 encryption for Wi-Fi networks, and disable unused features like remote management or Universal Plug and Play (UPnP).
  3. Use Multi-Factor Authentication (MFA): Enable MFA for important accounts like email, banking, and social media. Consider using a hardware-based MFA solution for additional security.
  4. Monitor your network: Regularly check home networks for unknown or suspicious devices using router management tools or apps.
  5. Use strong encryption: Use a reputable virtual private network (VPN) when browsing public Wi-Fi. Make sure websites use HTTPS for secure data transfer.
  6. Stay informed: Follow updates from trusted sources like CISA or telcos on new threats and best practices.

CISA Director Jen Easterly announced that the Cyber Safety Review Board will meet on Friday to assess the ongoing Salt Typhoon breach.

After a classified Senate briefing this week, Easterly stressed the need to understand the scope and extent of the breach as authorities continue to focus on incident response. “We want to explain the problem and the main measures to strengthen our networks,” she said.

Despite the urgency to close the door on Salt Typhoon, Easterly indicated that the recommendations likely wouldn’t be released until the spring or summer of 2025.

© 2024 WTOP. All rights reserved.