China Hacks Telecom Companies

By Shane Zuls on December 6, 2024

Executive Summary

On December 3, 2024, NBC News, a mainstream American broadcast television network, reported that state-sponsored Chinese hackers had attacked major American telecom companies [1]. The hacking campaign, nicknamed Salt Typhoon by Microsoft, has breached companies like Verizon, AT&T, and Lumen, and the attackers have not yet been fully evicted from the networks [4]. Analysts have reported that this could be one of the largest and most egregious cyber espionage campaigns ever in terms of size and scope [3]. A majority of the information intercepted by the hackers involved either people working for the government or people involved in politics [1]. Examples of previously targeted individuals include President-elect Donald Trump and Vice President Kamala Harris [1].

 

Background

With growing tensions between China and the US over issues such as trade, military build-up, and Taiwan, China has invested a lot of time and effort in its military cybersecurity and cyber espionage departments. Emphasis has been placed on intellectual property theft, industrial espionage and sabotage, or, in this case, information gathering. Because the cyber domain is so new, there is a lack of international regulations or consequences for cyber attacks perpetrated by nation-states, which makes this domain an attractive medium for rival nations.

 

Impact

This story is ongoing, and a formal investigation into the scope of the attack has not been done yet. However, the compromised items include certain records, voice calls, and the wiretap system used by the Justice Department [1]. Due to the nature of the companies that have been compromised, the theoretical scope of the attacks could reach almost everybody who uses a phone in the United States. Since the attackers have not yet been completely removed from the networks they compromised, the scope may increase even further. Other information compromised as a result of the attacks includes caller and receiver phone numbers, call durations, call types, and the locations of the cell towers used [4].

 

Significance

Due to this attack, the Cybersecurity & Infrastructure Security Agency (CISA) has recommended that people harden their systems and devices, be careful about what they communicate, and use encrypted communications when possible [1] [2]. This attack shows that while people may secure their own communications through measures like strong passwords or two-factor authentication, vendors themselves are also vulnerable to attacks. Consumers should research their vendors to understand the protections that are in place to safeguard their data from threats. It is then up to the consumer to determine whether they can trust those companies with data they consider confidential.

 

References

[1] Collier K., “U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack,” 2024 https://www.nbcnews.com/news/amp/rcna182694

 

[2] Cybersecurity & Infrastructure Security Agency, “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” 2024 https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure 

 

[3] Luce D., “Chinese hack of telecommunications companies under investigation, NSA chief says,” 2024 https://www.nbcnews.com/news/us-news/chinese-hack-telecommunications-companies-investigation-nsa-chief-says-rcna174208 

[4] Vijayan J., “CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat,” 2024 https://www.darkreading.com/cyberattacks-data-breaches/cisa-issue-guidance-telecoms-salt-typhoon-threat