The U.S. government has confirmed that hackers with links to China breached multiple U.S. telecommunication service providers to access the wiretap systems used by law enforcement to surveil Americans.
In a joint statement published on Monday, CISA and the FBI said they had uncovered “a broad and significant” cyber espionage campaign that saw PRC-affiliated actors compromise networks at “multiple telecommunications companies” in the United States.
CISA and the FBI did not name the breached organizations, but AT&T, Lumen (formerly CenturyLink) and Verizon are among the telecom providers whose networks were breached, according to The Wall Street Journal.
The WSJ reported that Chinese hackers had access to the networks “for months or longer,” allowing them to collect “internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers.”
The U.S. government agencies confirmed on Monday that the breaches enabled “the theft of customer call records data” and “the compromise of private communications of a limited number of individuals.”
The agencies did not name the targeted individuals, but said they “are primarily involved in government or political activity.” Reports said last month that hackers linked to China had targeted the phones of then-presidential nominee Donald Trump and his running mate, Sen. JD Vance.
The PRC hacking campaign also enabled the China-linked hackers — known as “Salt Typhoon” — to copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” according to the statement.
The FBI and CISA previously said they were investigating breaches by a China-backed hacking group inside several telecommunications providers, but had not said whether any data was stolen or whether the hackers accessed the systems used to fulfill legal wiretap requests.
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector,” the agencies said. “We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.”
