The Chinese hackers compromised the networks of ’multiple telecommunications companies,’ federal investigators said.
Chinese state-sponsored hackers have breached several U.S. telecommunication providers, in a cyber campaign aimed at stealing data from individuals working in government and politics, according to federal investigators.
In a joint statement issued on Nov. 13, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) described the Chinese hacking campaign as “broad and significant cyber espionage.”
The Chinese hackers compromised the networks of “multiple telecommunications companies” and stole customer call records and private communications from “a limited number of individuals who are primarily involved in government or political activity,” the agencies said, without identifying any of the individuals.
The Chinese hackers also copied “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the agencies stated, suggesting that the Chinese breach may have targeted programs covered by the Foreign Intelligence Surveillance Act.
The agencies noted that they are working to “strengthen cyber defenses” across the commercial communications sector.
“We expect our understanding of these compromises to grow as the investigation continues,” the agencies stated.
The FBI and CISA first acknowledged the Chinese hacks in October, saying at the time that an investigation was underway.
In recent months, authorities have disclosed the activities of two Chinese state-sponsored cyber threat groups.
In September, the Justice Department announced that the FBI had taken down a botnet associated with “Flax Typhoon,” a threat group operating through the Beijing-based Integrity Technology Group. The botnet consisted of more than 200,000 consumer devices—such as network cameras, video recorders, and home and office routers—in the United States and elsewhere.
Earlier this month, Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, told The Epoch Times that a Chinese threat group called “Salt Typhoon” had conducted a hack “unprecedented” in size and scope, following media reports about the group’s cyberattack in October.
Salt Typhoon is believed to have breached numerous major telecommunication networks, including those of AT&T, CenturyLink, and Verizon. The group also targeted former President Donald Trump and Vice President Kamala Harris.
On Nov. 12, the House Committee on Homeland Security published a new “Cyber Threat Snapshot” report detailing recent cases of cyberattacks in the United States.
“The Chinese Communist Party’s exploitation of vulnerabilities in major internet service providers is just the newest alarm to sound as Beijing, Tehran, and Moscow work to gain strategic advantages through cyber espionage, manipulation, and destruction,” Rep. Mark Green (R-Tenn.), chairman of the House Committee on Homeland Security, said in a statement.
The report points to another Chinese state-sponsored hacking group, “Volt Typhoon,” which began targeting a wide range of networks across U.S. critical infrastructure in 2021. The group, which was dismantled by a multi-agency operation in January, had maintained “access and footholds within some victim IT environments for at least five years,” according to CISA.
“One in three Americans were affected by healthcare data breaches last year,” the report reads, noting that government agencies were the “third-most targeted sector” for ransomware attacks in 2023.
In September, Rep. Laurel Lee (R-Fla.), a member of the House Committee on Homeland Security, introduced the Strengthening Cyber Resilience Against State-Sponsored Threats Act (H.R.9769). The legislation is co-sponsored by Green and Rep. John Moolenaar (R-Mich.), chairman of the House Select Committee on the Chinese Communist Party.
If enacted, the legislation would create an interagency task force led by CISA and the FBI to deal with cybersecurity threats posed by China’s state-sponsored cyber threat groups. It would also require the new task force to inform Congress of its findings every year for five years.
“While individual agencies have worked to examine and address the threats posed by malign cyber actors like Volt Typhoon, a siloed approach to cybersecurity will only give our adversaries the upper hand,” Lee said in a statement at the time.
“It is critical that the federal government implements a focused, coordinated, and whole-of-government response to all of Beijing’s cyber threats, so no other actors succeed.”
The Associated Press contributed to this report.