Jump to content

2024 United States telecommunications hack

Edit links
From Wikipedia, the free encyclopedia

On August 27, 2024, The Washington Post reported that at least 2 major internet service providers in the United States had been compromised by Chinese hackers.[1] It was later reported that the hackers affected at least nine telecommunications firms in the U.S., including AT&T, Verizon, Lumen Technologies, and T-Mobile, and had also affected dozens of other countries.[2][3] The hackers were able to access metadata of users calls and text messages, including date and time stamps, source and destination IP addresses, and phone numbers from over a million users, including staff of the Kamala Harris 2024 presidential campaign, as well as phones belonging to Donald Trump and JD Vance.[4][5] The hackers were also able to access wiretapping systems used to conduct court-authorized wiretapping.[6] The attack was later attributed to the Salt Typhoon advanced persistent threat actor linked to China's Ministry of State Security (MSS).[7][8][9]

Initial access

[edit]

The attackers exploited vulnerabilities in unpatched Fortinet and Cisco network devices and routers, targeting core network components.[10] They also gained access to a high-level network management account that wasn't protected by multi-factor authentication. Hijacking router(s) inside AT&T's network then gave them access to over 100,000 routers from which further attacks could be launched.[11][12]

It is believed that the hackers had access to the networks for over a year before the intrusions were detected by threat researchers at Microsoft.[13]

Impact

[edit]

On December 27, 2024, deputy national security advisor Anne Neuberger stated in a White House press conference that the total list of affected telecom companies now stood at 9 after a "hunting guide" was distributed to "key telecom companies" which details how to identify this type of intrusion.[14]

Companies confirmed to have been breached in this attack are:[15]

Call records

[edit]

A high priority for the attackers was records of phone calls made by people who work in the Washington D.C. metro area. These records corresponded to over a million users and included: date and time stamps, source and destination IP addresses, phone numbers and unique phone identifiers. According to Anne Neuberger, a "large number" of the individuals whose data was directly accessed were "government targets of interest."[15][16][17]

Wiretapping systems

[edit]

The hackers compromised telecom systems used to fulfill CALEA requests used by U.S. law enforcement and intelligence agencies to conduct court-authorized wiretapping. The hackers obtained an almost complete list of phone numbers being wiretapped.[18] Officials said having this information would help China know which Chinese spies the United States have identified.[13]

Presidential election

[edit]
Further information: Chinese interference in the 2024 United States elections

In October, Donald Trump's campaign was notified that phones used by Trump and JD Vance may have been affected by the hack as well as the staff of the Kamala Harris 2024 presidential campaign.[19]

Response

[edit]

According to Foreign Policy, the attack has "hardened anti-China consensus" in the U.S. government.[20] Senator Mark Warner, chairman of the U.S. Senate Select Committee on Intelligence, called the intrusion the "worst telecom hack in our nation’s history", describing it as making prior cyberattacks by Russian actors look like "child’s play" by comparison.[21]

Matthew Pines, director of intelligence at SentinelOne, stated that "the Salt Typhoon hacks will be seen as the worst counterintelligence breach in U.S. history" which "gives MSS bread crumbs to trace back to and cauterize strategically critical U.S. sources and methods." He suggested the data breach is worse than the 2015 hack of the U.S. Office of Personnel Management carried out by the MSS' Jiangsu State Security Department.[22]

In retaliation for the attack, the U.S. Department of Commerce announced it would ban the remaining U.S. operations of China Telecom. The Department of Defense placed Chinese media conglomerate Tencent, shipping giant COSCO, battery manufacturer CATL, semiconductor manufacturer ChangXin Memory Technologies, and drone maker Autel Robotics on a blacklist of "Chinese military companies".[23] The designation can disqualify U.S. businesses which transact with listed companies from future U.S. government contracts.[24]

The Chinese Embassy in Washington, D.C. claimed the allegations were all U.S. efforts to "smear and slander" China.[25]

On October 9, the Electronic Frontier Foundation issued a press release stating how any lawful wiretapping system can be compromised by attackers and that "there is no backdoor that only lets in good guys and keeps out bad guys".[26]

On December 4, 2024 the CISA, FBI, and cybersecurity agencies from New Zealand, Canada, and Australia jointly released a guide for hardening network infrastructure titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure. The agencies urged network engineers, particularly ones at telecom companies, to implement the security best practices described therein.[27]

On December 10, Senator Ron Wyden released a draft of the Secure American Communications Act, a bill which would order the FCC to require telecoms to adhere to a list of security requirements and perform annual tests to check for vulnerabilities. Wyden claimed that “it was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules".[28]

On January 17, 2025, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned Yin Kecheng of Shanghai and Sichuan Juxinhe Network Technology Co. Ltd. as having "direct involvement" in Salt Typhoon.[29][30]

See also

[edit]

References

[edit]
  1. ^ Menn, Joseph (August 27, 2024). "Chinese government hackers penetrate U.S. internet providers to spy". The Washington Post. Retrieved August 27, 2024.
  2. ^ Volz, Dustin (December 4, 2024). "Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. Official Says". The Wall Street Journal. Retrieved December 5, 2024.
  3. ^ Tucker, Eric (2024-12-27). "A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says". Associated Press. Retrieved 2024-12-27.
  4. ^ Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Archived from the original on November 10, 2024. Retrieved October 25, 2024.
  5. ^ Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Archived from the original on November 10, 2024. Retrieved October 25, 2024.
  6. ^ Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (2024-10-05). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on 5 Oct 2024.
  7. ^ Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (October 5, 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on October 5, 2024. Retrieved October 5, 2024.
  8. ^ Volz, Dustin; Viswanatha, Aruna; FitzGerald, Drew; Krouse, Sarah (November 5, 2024). "China Hack Enabled Vast Spying on U.S. Officials, Likely Ensnaring Thousands of Contacts". The Wall Street Journal. Retrieved November 6, 2024.
  9. ^ Krouse, Sarah; Volz, Dustin (November 15, 2024). "T-Mobile Hacked in Massive Chinese Breach of Telecom Networks". The Wall Street Journal. Retrieved November 15, 2024.
  10. ^ Volz, Dusin; Viswanatha, Aruna; Krouse, Sarah; FitzGerald, Drew (January 4, 2025). "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons". The Wall Street Journal. Retrieved February 9, 2025.{{cite news}}: CS1 maint: url-status (link)
  11. ^ Krouse, Sarah; McMillan, Robert; Volz, Dustin (2024-09-26). "China-Linked Hackers Breach U.S. Internet Providers in New 'Salt Typhoon' Cyberattack". The Wall Street Journal. Archived from the original on 7 Oct 2024.
  12. ^ Nakashima, Ellen (6 October 2024). "China hacked major U.S. telecom firms in apparent counterspy operation". The Washington Post. Archived from the original on 7 October 2024. Retrieved 8 October 2024.
  13. ^ a b Sanger, David; Barnes, Julian; Barrett, Devlin; Goldman, Adam (Nov 22, 2024). "Emerging Details of Chinese Hack Leave U.S. Officials Increasingly Concerned". The New York Times. Retrieved Jan 10, 2025.
  14. ^ "On-the-Record Press Gaggle by White House National Security Communications Advisor John Kirby". whitehouse.govw. White House. December 27, 2024. Retrieved January 10, 2025.
  15. ^ a b Volz, Dustin; Viswanatha, Aruna; Krouse, Sarah; FitzGerald, Drew (Jan 4, 2025). "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons". Wall Street Journal. Retrieved Jan 10, 2025.
  16. ^ Page, Carly (2025-01-06). "Meet the Chinese 'Typhoon' hackers preparing for war". TechCrunch. Retrieved 2025-01-08.
  17. ^ Page, Carly (2025-01-06). "Meet the Chinese 'Typhoon' hackers preparing for war". TechCrunch. Retrieved 2025-01-08.
  18. ^ Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (2024-10-05). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on 5 Oct 2024.
  19. ^ Barrett, Devlin; Swan, Jonathan; Haberman, Maggie (October 25, 2024). "Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance". The New York Times. Retrieved October 25, 2024.
  20. ^ Palmer, James (2025-01-09). "Salt Typhoon Stirs Panic in Washington". Foreign Policy. Retrieved 2025-01-08.
  21. ^ Nakashima, Ellen (November 21, 2024). "Top senator calls Salt Typhoon 'worst telecom hack in our nation's history'". The Washington Post. Retrieved December 31, 2024.
  22. ^ Pines, Matthew [@matthew_pines] (2024-12-28). "I think the Salt Typhoon hacks will be seen as the worst counterintelligence breach in US history. Though not reported yet, seems likely that the MSS compromised the FISA "selectors" in US telcos. The fallout from this is unfathomable. FBI NSD damage assessment is max pain rn" (Tweet). Retrieved 2024-12-30 – via Twitter.
  23. ^ Sanger, David E. (2024-12-16). "Biden Administration Takes First Step to Retaliate Against China Over Hack". The New York Times. Archived from the original on 2024-12-27. Retrieved 2024-12-31.
  24. ^ Stevenson, Alexandra (2025-01-07). "U.S. Adds Tencent to Chinese Military Companies Blacklist". The New York Times. ISSN 0362-4331. Retrieved 2025-01-08.
  25. ^ Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert (2024-10-05). "U.S. Wiretap Systems Targeted in China-Linked Hack". The Wall Street Journal. Archived from the original on 5 Oct 2024.
  26. ^ Cohn, Joe Mullin and Cindy (2024-10-09). "Salt Typhoon Hack Shows There's No Security Backdoor That's Only For The "Good Guys"". Electronic Frontier Foundation. Retrieved 2025-02-04.
  27. ^ "Enhanced Visibility and Hardening Guidance for Communications Infrastructure". Cybersecurity & Infrastructure Security Agency. December 4, 2024. Retrieved January 11, 2025.
  28. ^ "Wyden Releases Draft Legislation to Secure U.S. Phone Networks Following Salt Typhoon Hack". wyden.senate.gov. December 10, 2024. Retrieved January 11, 2025.
  29. ^ Johnson, Derek B. (2025-01-17). "Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks". CyberScoop. Retrieved 2025-01-21.
  30. ^ "US Treasury Department imposes sanctions on Chinese company over Salt Typhoon hack". Reuters. 18 January 2025. Retrieved 21 January 2025.
Retrieved from "https://en.wikipedia.org/w/index.php?title=2024_United_States_telecommunications_hack&oldid=1275561221"