The FBI and CISA jointly stated that the CCP’s cyber actions against the United States are a ‘broad and significant cyber espionage campaign.’
White House national security adviser Jake Sullivan and Anne Neuberger, deputy national security adviser for cyber and emerging technology, hosted telecommunications executives for a meeting on Nov. 22 to share intelligence after several networks were reportedly hacked.
The Wall Street Journal was the first to confirm that major telecommunications companies including AT&T and Verizon were the target of a large-scale cyberattack that was part of the “Salt Typhoon” campaign, which is backed by the Chinese Communist Party (CCP). Hackers reportedly had access to the network for months or longer.
“The meeting was an opportunity to hear from telecommunications sector executives on how the U.S. Government can partner with and support the private sector on hardening against sophisticated nation state attacks,” the White House officials said in a statement.
The industry and U.S. officials alike have pointed out that while the CCP uses a whole-of-state approach in its cyberattacks against U.S. institutions, the targets are individual private entities that do not have an intelligence-sharing mechanism across the industry or with the government.
On Nov. 13, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) jointly stated that the CCP’s cyber efforts against the United States are a “broad and significant cyber espionage campaign,” encouraging victims to contact local FBI offices.
The FBI and CISA said they think that the CCP-backed hackers were after customer call records and private communications, targeting people involved in government and political activity, and evidence obtained by law enforcement via warrants.
Last month, Vice President-elect JD Vance confirmed that his phone had been breached by Chinese hackers, and he said he believed that President-elect Donald Trump’s phone had also been hacked. Vance said on “The Joe Rogan Experience,” a podcast, that authorities believed the breach was part of the Chinese state-backed Salt Typhoon campaign.
U.S. lawmakers and intelligence officials have sounded the alarm on several large-scale, CCP-backed cyberattack campaigns.
In addition to the Salt Typhoon cyberespionage operation, officials have long warned about the China-backed Volt Typhoon threat group, which intelligence agencies say targets critical infrastructure in the Western world and has already compromised organizations in the fields of energy, transportation, and wastewater, among others.
Authorities also identified a Flax Typhoon campaign that targeted consumer devices, installing malware to create a botnet that could launch additional attacks. The FBI was able to disrupt this network and disable the malware.
Intelligence officials have also warned that the CCP-backed campaigns are “not consistent with traditional cyber espionage or intelligence gathering operations.” In the case of Volt Typhoon, officials believe hackers are prepositioning themselves on critical IT networks to monitor and disrupt in the event of conflicts.
In the wake of these telecom breaches, lawmakers have requested closed-door briefings with telecom executives and intelligence officials to increase private–public cooperation on the issue.