Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
(2024/11/14)
- Reference: 1731549251
- News link: https://www.theregister.co.uk/2024/11/14/salt_typhoon_hacked_multiple_telecom/
- Source link:
The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.
In a [1]joint statement issued on Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the two government bodies said the previously-reported digital assaults resulted in the "theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders."
This is a step up from the two agencies' late October [2]revelation that they were on the case and actively providing assistance to affected companies and potential victims. It comes over a month after [3]reports emerged that indicated a Chinese government-backed spy crew had breached US telecommunications networks [4]Verizon, AT&T, and Lumen Technologies .
[5]Feds investigate China's Salt Typhoon amid campaign phone hacks
[6]US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
[7]Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
[8]China's Volt Typhoon crew and its botnet surge back with a vengeance
The Wednesday announcement gets very close to verifying almost everything that has been previously reported about the affair: That, after breaking into telcos' networks, the China-linked entities – which have sometimes been labelled "Salt Typhoon" – compromised the wiretapping systems used for court-ordered surveillance; and that the snoops also targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican president-elect Donald Trump and VP-elect JD Vance.
In other words, here's some official acknowledgement of China drilling into American communications networks.
[9]
The Feds "continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector," the statement continued, urging any org that suspects it might be a victim to contact its [10]local FBI field office or CISA.
[11]
Earlier this week, security researchers warned that a different Chinese government-backed spy crew – [12]Volt Typhoon – is once again compromising old Cisco routers to build a botnet to break into critical infrastructure networks and kick off cyber attacks. ®
Get our [13]Tech Resources
[1] https://www.fbi.gov/news/press-releases/joint-statement-from-fbi-and-cisa-on-the-peoples-republic-of-china-targeting-of-commercial-telecommunications-infrastructure
[2] https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/
[3] https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/
[4] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[5] https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/
[6] https://www.theregister.com/2024/10/11/us_lawmakers_salt_typhoon/
[7] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[8] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZzWD9YV9VxBt4bCF0Gp2GgAAAJc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[10] https://www.fbi.gov/contact-us/field-offices
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZzWD9YV9VxBt4bCF0Gp2GgAAAJc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[12] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[13] https://whitepapers.theregister.com/
In a [1]joint statement issued on Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), the two government bodies said the previously-reported digital assaults resulted in the "theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders."
This is a step up from the two agencies' late October [2]revelation that they were on the case and actively providing assistance to affected companies and potential victims. It comes over a month after [3]reports emerged that indicated a Chinese government-backed spy crew had breached US telecommunications networks [4]Verizon, AT&T, and Lumen Technologies .
[5]Feds investigate China's Salt Typhoon amid campaign phone hacks
[6]US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
[7]Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
[8]China's Volt Typhoon crew and its botnet surge back with a vengeance
The Wednesday announcement gets very close to verifying almost everything that has been previously reported about the affair: That, after breaking into telcos' networks, the China-linked entities – which have sometimes been labelled "Salt Typhoon" – compromised the wiretapping systems used for court-ordered surveillance; and that the snoops also targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican president-elect Donald Trump and VP-elect JD Vance.
In other words, here's some official acknowledgement of China drilling into American communications networks.
[9]
The Feds "continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector," the statement continued, urging any org that suspects it might be a victim to contact its [10]local FBI field office or CISA.
[11]
Earlier this week, security researchers warned that a different Chinese government-backed spy crew – [12]Volt Typhoon – is once again compromising old Cisco routers to build a botnet to break into critical infrastructure networks and kick off cyber attacks. ®
Get our [13]Tech Resources
[1] https://www.fbi.gov/news/press-releases/joint-statement-from-fbi-and-cisa-on-the-peoples-republic-of-china-targeting-of-commercial-telecommunications-infrastructure
[2] https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/
[3] https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/
[4] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[5] https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/
[6] https://www.theregister.com/2024/10/11/us_lawmakers_salt_typhoon/
[7] https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/
[8] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZzWD9YV9VxBt4bCF0Gp2GgAAAJc&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[10] https://www.fbi.gov/contact-us/field-offices
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZzWD9YV9VxBt4bCF0Gp2GgAAAJc&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[12] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[13] https://whitepapers.theregister.com/
Backdoors? What backdoors?
A little while ago I posted, "Let them win! People will see what embedding backdoors gets you when the foreign nations start using your sooper-seekret holes for themselves!" -- and someone else commented that they won't be called backdoors, and the foreign nations will be presented as awful hackers, with no harm no foul on the government-embedded backdoor side.
That's exactly what we're seeing here. They don't even call these "backdoors", despite that being exactly what they are. Foreign nations are taking advantage of them, despite promises that they're only for the "good guys". News breaks, and the "good guys" try to change the narrative -- it's the "bad guys" who are abusing tech, this was never allowed by us!
and then the "good guys" want to continue embedding their back doors. To what end? I certainly can't imagine what could possibly go wrong. I can make some guesses though.