News: 1753473332


Senator to Google: Give us info from telco Salt Typhoon probes

(2025/07/25)


US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmaker, both operators have thus far refused to give Congress.

AT&T and Verizon's networks were among those [1]breached by China's Salt Typhoon, potentially giving Beijing long-term, persistent access to critical US networks.

"In December 2024, AT&T and Verizon both claimed that their networks were secure, but only weeks before the companies made those announcements, the U.S. government warned the breach was so significant it made it 'impossible' for agencies 'to predict a time frame on when we'll have a full eviction,'" the Democratic senator from Washington state wrote in a [2]July 23 letter [PDF] to Mandiant Executive VP Sandra Joyce.


To get a better idea of whether the telecoms firms' claims are true, Cantwell last month sent a letter to both AT&T and Verizon requesting information about steps they took to secure their networks. Both companies told her that Mandiant had conducted security assessments following the Salt Typhoon intrusions, but the telcos refused to hand them over, according to the senator.


"This response only heightens my concerns about AT&T's and Verizon's current security posture, as they are either unwilling or unable to provide specific documentation that would corroborate their claims that their networks are secure," Cantwell wrote.

So instead, Cantwell has asked Mandiant to provide these documents by August 6. Specifically, the senator wants the incident response firm to share with Congress:

A copy of all reports, assessments, and analyses Mandiant conducted for AT&T and Verizon, respectively, in response to the Salt Typhoon attacks.

A list of any recommendations by Mandiant that have not been fully addressed by AT&T or Verizon in response to the Salt Typhoon attacks.

All records related to the costs and expenses of Mandiant's work for AT&T and Verizon, respectively, in response to the Salt Typhoon attacks.

The Register reached out to Mandiant, AT&T, and Verizon to confirm the existence of these security assessments, and to ask if they planned to submit them to US lawmakers for review. AT&T declined to comment, and the other two firms did not respond. We will update this story if and when we hear back from them.

It's highly unlikely, however, that American networks have fully eradicated the Chinese spies and locked all of their backdoors into US-based IT systems.


In February, two months after [7]AT&T and Verizon confirmed that Chinese government-backed snoops accessed portions of their systems earlier in 2024, Recorded Future's Insikt Group documented [8]Salt Typhoon compromises in at least seven devices linked to global telecom providers and other orgs.

Plus, the PRC snoops "possibly targeted" more than a dozen universities, including the University of California, Los Angeles, to access research related to telecommunications, engineering, and technology, according to the infosec shop.

Then, in June, SecurityScorecard's strike threat analysts told The Register that the team uncovered an [13]ongoing campaign, designed to gain long-term access to networks, that bears all the markings of one of China's "Typhoon" crews.

The Cyber Safety Review Board (CSRB), under the Department of Homeland Security umbrella, had been [14]investigating Salt Typhoon, and how the Chinese cyber spies penetrated US government and telecommunications networks, prior to the board's [15]dissolution on President Trump's first day in office.

Also last month, a group of Democratic senators [16]urged Homeland Security Secretary Kristi Noem to reestablish the CSRB, in large part so the board could finish its Salt Typhoon probe. ®




[1] https://www.theregister.com/2025/01/15/salt_typhoon_us_govt_networks/

[2] https://www.commerce.senate.gov/services/files/DBCCD273-C712-4455-8B60-C57C075ADE48

[7] https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/

[8] https://www.theregister.com/2025/02/13/salt_typhoon_pwned_7_more/

[9] https://www.theregister.com/2025/06/02/senators_to_noem_reestablish_csrb/

[10] https://www.theregister.com/2025/01/22/dhs_axes_cyber_advisory_boards/

[11] https://www.theregister.com/2025/06/23/lapdog_orb_network_attack_campaign/

[12] https://www.theregister.com/2025/05/29/china_preparing_war_mcmaster/

[13] https://www.theregister.com/2025/06/23/lapdog_orb_network_attack_campaign/

[14] https://www.theregister.com/2025/01/22/dhs_axes_cyber_advisory_boards/

[15] https://www.theregister.com/2025/01/22/trump_cyber_policy/

[16] https://www.theregister.com/2025/06/02/senators_to_noem_reestablish_csrb/




Dinanziame

Nice PR move, but does Mandiant have to provide the data, and can they even do so given the confidentiality clauses certain to be included in the contracts?

Politicians sometimes think they are judges who can ask any question they want. I recall that a UK politician while interrogating the head of Google Europe demanded that he reveal his salary, and the guy essentially told him to get stuffed.

abend0c4

The UK parliament used to have the option of confining the non-compliant to the clock tower, but it's generally held that at present they have no power of compulsion that would survive a test in the courts.

It's a slightly different matter in the US - [1]Steve Bannon served four months for failing to provide documents and testimony to a select committee. However, after the House voted to hold him in contempt, it was actually the Department of Justice that filed criminal charges so it's not straightforward.

[1] https://edition.cnn.com/2024/06/06/politics/steve-bannon-jail

BartyFartsLast

And it's not as if he would have been in gen pop in an actual prison with cells

Jellied Eel

Nice PR move, but does Mandiant have to provide the data, and can they even do so given the confidentiality clauses certain to be included in the contracts?

Maybe, if they can be compelled to. Question is should they, and would Cantwell understand the content given she seems to be very much a political animal other than a few years in marketing for RealNetworks.

But this would be highly commercially sensitive, not to mention the risk of sensitive security information ending up kind of in the public domain and the risks of that being discoverable or just leaked. Especially as the hack seems to have involved the CALEA or lawful intercept capabilities, where the details around implementation are usually classified and LEAs probably don't want made public.

As the DoJ and FBI would already have been involved either as a criminal investigation, or counter espionage and being a prime customer of LI, it would seem a lot safer to direct DoJ to review the reports and actions and then report back to Congress with a sanitised bill of health.
