U.S. telecom giant Verizon says it has secured its network after being targeted by the China-linked Salt Typhoon cyberespionage group.
In a statement given to TechCrunch on Sunday, Verizon spokesperson Richard Young said the company has “contained the cyber incident brought on by this nation-state threat actor,” and that it has not detected any threat actor activity on its network “for some time.”
Verizon’s containment of the incident has been confirmed by a “highly respected cybersecurity firm,” the company said, but Young declined to name the third-party company.
While the scale of the Salt Typhoon breach is not yet known, Verizon said that the hackers specifically targeted a “small number of high-profile customers in government.”
“Immediately upon learning of this incident, Verizon took several key actions to protect its customers and its network, including partnering with federal law enforcement and national security agencies, industry partners, and private cybersecurity firms,” Vandana Venkatesh, Verizon’s chief general officer, said. “After considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.”
AT&T has also confirmed that it has since secured its network after it was targeted by the Salt Typhoon hacking campaign, according to reports.
“We detect no activity by nation-state actors in our networks at this time. Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest,” Reuters quoted an AT&T spokesperson as saying. The company added that the Chinese-backed hackers targeted a “small number of individuals of foreign intelligence interest.”
This marks Verizon and AT&T’s first acknowledgment of their being impacted by the Salt Typhoon campaign. News first broke in October that the hackers had compromised the networks of some of the largest U.S. phone and internet companies to gather intelligence on U.S. citizens.
U.S. officials said earlier this month that at least eight telecommunications providers had been targeted, including Lumen (formerly CenturyLink) and T-Mobile. On Friday, Anne Neuberger, deputy national security adviser for cyber and emerging technology, said a ninth victim had been identified, according to Reuters.
AT&T and Lumen did not immediately respond to requests for comment.
Neuberger, who didn’t name the newly identified victim, said one of the nine telecoms breached involved an administrator account that had access to over 100,000 routers.
