Misplaced Pages

2024 United States telecommunications hack

Article snapshot taken from[REDACTED] with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
2024 cyberattack by China

On August 27, 2024, The Washington Post reported that two major internet service providers in the United States had been compromised by China. AT&T, Verizon, Lumen Technologies, and T-Mobile were reported to have been affected by the Salt Typhoon advanced persistent threat linked to China's Ministry of State Security.

It was later reported that Salt Typhoon affected at least nine telecommunications firms in the U.S. and had also affected dozens of other countries.

Initial access

The attackers exploited vulnerabilities in unpatched Fortinet and Cisco network devices and routers. They also gained access to a high-level network management account that wasn’t protected by multi-factor authentication. Hijacking router(s) inside AT&T's network then gave them access to over 100,000 routers from which further attacks could be launched.

It is believed that the hackers had access to the networks for over a year before the intrusions were detected by threat researchers at Microsoft.

Impact

On December 27, 2024 Anne Neuberger stated in a White House press conference that the total list of affected telecom companies now stood at 9 after a "hunting guide" was distributed to "key telecom companies" which details how to identify this type of intrusion.

Companies confirmed to have been breached in this attack are:

Call records

A high priority for the attackers was records of phone calls made by people who work near Washington D.C. These records corresponded to over a million users and included: date and time stamps, source and destination IP addresses, phone numbers and unique phone identifiers.

Wiretaps

The hackers got an almost complete list of phone numbers being wiretapped by the Justice Department' "lawful intercept" system. This system monitors people suspected of committing crimes or spying.

Officials said having this information would help China know which Chinese spies the United States have identified.

Presidential election

Further information: Chinese interference in the 2024 United States elections

In October, Donald Trump's campaign was notified that phones used by Trump and JD Vance may have been affected by the hack as well as the staff of the Kamala Harris 2024 presidential campaign.

Response

In October 2024, The Washington Post reported that the U.S. federal government formed a multi-agency team to address the hack. In December 2024, the U.S. moved to crack down on China Telecom's cloud operations in the U.S. in response to the hack.

On December 4, 2024 the CISA, FBI, and cybersecurity agencies from New Zealand, Canada, and Australia jointly released a guide for hardening network infrastructure titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure. The agencies urged network engineers, particularly ones at telecom companies, to implement the security best practices described therein.

On December 10, Senator Ron Wyden released a draft of the Secure American Communications Act, a bill which would order the FCC to require telecoms to adhere to a list of security requirements and perform annual tests to check for vulnerabilities.

On January 17, 2025, the U.S. Treasury Department sanctioned a Chinese cybersecurity and a hacker, both with ties to the Ministry of State Security, for their alleged roles in the hack.

See also

References

  1. Menn, Joseph (August 27, 2024). "Chinese government hackers penetrate U.S. internet providers to spy". The Washington Post. Retrieved August 27, 2024.
  2. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (October 5, 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on October 5, 2024. Retrieved October 5, 2024.
  3. Volz, Dustin; Viswanatha, Aruna; FitzGerald, Drew; Krouse, Sarah (November 5, 2024). "China Hack Enabled Vast Spying on U.S. Officials, Likely Ensnaring Thousands of Contacts". The Wall Street Journal. Retrieved November 6, 2024.
  4. Krouse, Sarah; Volz, Dustin (November 15, 2024). "T-Mobile Hacked in Massive Chinese Breach of Telecom Networks". The Wall Street Journal. Retrieved November 15, 2024.
  5. Volz, Dustin (December 4, 2024). "Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. Official Says". The Wall Street Journal. Retrieved December 5, 2024.
  6. Tucker, Eric (2024-12-27). "A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says". Associated Press. Retrieved 2024-12-27.
  7. ^ Volz, Dustin; Viswanatha, Aruna; Krouse, Sarah; FitzGerald, Drew (Jan 4, 2025). "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons". Wall Street Journal. Retrieved Jan 10, 2025.
  8. ^ Sanger, David; Barnes, Julian; Barrett, Devlin; Goldman, Adam (Nov 22, 2024). "Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned". The New York Times. Retrieved Jan 10, 2025.
  9. "On-the-Record Press Gaggle by White House National Security Communications Advisor John Kirby". whitehouse.govw. White House. December 27, 2024. Retrieved January 10, 2025.
  10. Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Retrieved October 25, 2024.
  11. Nakashima, Ellen (October 11, 2024). "White House forms emergency team to deal with China espionage hack". The Washington Post. Retrieved October 12, 2024.
  12. Sanger, David E. (2024-12-16). "Biden Administration Takes First Step to Retaliate Against China Over Hack". The New York Times. Archived from the original on 2024-12-17. Retrieved 2024-12-17.
  13. "Enhanced Visibility and Hardening Guidance for Communications Infrastructure". Cybersecurity & Infrastructure Security Agency. December 4, 2024. Retrieved January 11, 2025.
  14. "Wyden Releases Draft Legislation to Secure U.S. Phone Networks Following Salt Typhoon Hack". wyden.senate.gov. December 10, 2024. Retrieved January 11, 2025.
  15. "US Treasury Department imposes sanctions on Chinese company over Salt Typhoon hack". Reuters. 17 January 2025. Retrieved 17 January 2025.
Categories:
2024 United States telecommunications hack Add topic