FBI, CISA confirm China-linked cyber espionage targeting US telecoms, government

In a joint statement, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed that a "broad and significant cyber espionage campaign" linked to the People’s Republic of China has compromised several US telecommunications networks. The campaign, attributed to the group known as Salt Typhoon, has allowed cyber operatives to infiltrate major communications networks, accessing sensitive customer call records and even intercepting private communications of certain US government personnel.

The breach reportedly extends beyond customer data, with Salt Typhoon gaining access to a wiretap system US authorities use to process legally authorized data requests. Such a compromise could have profound implications for law enforcement activities and operational security. According to the agencies, the group began targeting US internet service providers (ISPs) in late September 2024, conducting extensive reconnaissance to identify exploitable vulnerabilities for future attacks.

By early October, telecommunications giants AT&T, Lumen Technologies, and Verizon reported signs of compromise, sparking initial concerns over data security in the US communications sector. However, according to recent reports from the Wall Street Journal, the scale of this breach appears more significant and widespread than initially assessed. Sources familiar with the investigation suggest Salt Typhoon may have maintained access to these systems "for months or longer," harvesting extensive internet traffic data from providers servicing millions of Americans and businesses nationwide.

The cyber espionage efforts of Salt Typhoon have also extended to Canada, with the Canadian government confirming that multiple organizations, including critical infrastructure, democratic institutions, and defense-related sectors, were similarly targeted. In Canada, the reconnaissance scans impacted government entities, media organizations, think tanks, and NGOs.

The FBI and CISA emphasized their continued work to provide technical support and intelligence-sharing with affected organizations to bolster cybersecurity defenses within the commercial communications sector. Both agencies urge entities suspecting potential compromise to contact their local FBI field office or CISA for assistance.