We’re learning more about the group of Chinese hackers previously reported to have breached a number of US ISPs, and their campaign appears to have included phone carriers Verizon and AT&T. Another anonymous source, said to be a US government official, has told the Wall Street Journal that “Salt Typhoon” breached the US telecoms for a period of months along with ISP Lumen Technologies.
The group seemed to have a specific priority goal for the US telecoms: accessing a federal wiretap system used for legally ordered surveillance of criminal suspects, a type of intel that Chinese hackers have targeted before. But the hackers would have had access to much more information with that level of access, and the total damage is likely far greater.
Two of the three big US telecoms breached
While T-Mobile is usually the member of the major US telecoms making the news for some sort of breach, this time it appears it was the other two that fell victim to the Chinese hackers. The country has only three major nationwide options for cellular service since Sprint merged with T-Mobile in 2020, with other “budget” carriers piggybacking and buying space on one of these networks.
China has long targeted US law enforcement surveillance systems, primarily as a means of learning which of its assets are under suspicion. The first major operation attributed to Chinese hackers affiliated with the government took place in 2010, when the attackers breached Google to get hold of a database of Gmail accounts under similar watch by authorities.
Microsoft’s security division first reported on Salt Typhoon in August. This followed a report in early 2024 on a different group called Volt Typhoon that targeted general critical infrastructure, US telecoms among these organizations, with apparent long-term sabotage goals. But thus far specific names of breached companies have been scarce, and the government has yet to officially confirm that AT&T and Verizon are impacted.
Multiple teams of Chinese hackers aggressively pushing into US networks
The investigation is reportedly still in its early stages and at this point finds only a loose connection between all of these teams of Chinese hackers at best, but they are all state-supported and all have the general goal of stealing valuable information and potentially setting up sabotage opportunities in the event of a military conflict down the road.
What is likely is that this story will get bigger, particularly once there is official confirmation from the government and impacted parties, and that more American organizations are affected. The WSJ’s sources say that the US telecoms have set up “war rooms” to respond to the Chinese hackers, aided by the FBI and by Microsoft and Google security staff.
The story is of ongoing concern as the source claims that the attackers used previously unseen exploits against an assortment of routers to breach the US telecoms, suggesting that the Chinese hackers are dipping into their hoard of zero-days as part of this aggressive campaign.