Senior national security official said the United States looks to ‘lock down’ telecom infrastructure with stricter cybersecurity rules.
The White House has identified a ninth U.S. telecom network that Chinese state hackers have compromised, a senior official said on Dec. 27.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, revealed the new information in a press briefing as officials continue to assess the scope of the cybersecurity breach from China’s state-backed Salt Typhoon hacking group, which has carried out a wide-ranging espionage campaign since 2022.
The hacking operation has affected major telecommunications companies and dozens of nations, with Verizon, AT&T, and CenturyLink among the targets. Officials said in early December that these hackers are still embedded in U.S. infrastructure.
Neuberger said in an earlier conference that the hackers had focused on “very senior” American political figures and stolen vast troves of American data. She said on Friday that they still don’t have a good sense of the total scope of the breach.
“Our understanding is that a large number of individuals were geolocated in the Washington DC, Virginia area,” she said.
Only a fraction of them had their communications affected, Neuberger said, as the hackers are more interested in eavesdropping on U.S. government officials.
“The scale we’re talking about is far larger on the geolocation, probably less than 100 on the actual individuals,” she said.
Shortly after the briefing, the Justice Department issued a final rule naming China, Cuba, Iran, North Korea, Russia, and Venezuela as countries of concern over their ambitions to exploit sensitive U.S. personal and government-related data in bulk. Under the rule, certain individuals and groups whom authorities deemed threat actors are barred from transactions involving six types of U.S. data: certain personal identifiers such as social security numbers or government identification numbers, precise geolocation data, biometric identifiers, human genetic or molecular data, personal health data, and personal financial data.
Those transactions “pose an unacceptable risk to the national security,” a Justice Department statement said, noting that those adversarial nations could use the data to conduct cyber espionage, malign foreign influence, bolster military capabilities, and “track and build profiles on U.S. persons,” including military and intelligence officers for blackmail, coercion, and espionage. These data could also become tools for these states to spy on their targets, such as dissidents, political opponents, or marginalized communities, to intimidate them and curtail freedoms, the department said.
The regulation applies to entities over which China has an ownership of 50 percent or more, those that principally conduct business in China or are organized under Chinese law, their contractors and employees, and foreign individuals who primarily reside in China.
In the wake of the Salt Typhoon hacking campaign, the Cybersecurity and Infrastructure Security Agency has urged “individuals who are in senior government or senior political positions” to “immediately” stop using regular phone calls and text messages. They should only use end-to-end encrypted communications and “assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” the agency warned.
The hacking group has targeted now-Vice President-elect JD Vance and now-President-elect Donald Trump, as well as Vice President Kamala Harris.
To deter Chinese hacking attempts, Neuberger said, the first step is to build a “defensible infrastructure.”
“We wouldn’t leave our homes, our offices unlocked, and yet our critical infrastructure, the private companies owning and operating our critical infrastructure often do not have the basic cybersecurity practices in place,” she said in the press call.
Authorities are also scrutinizing government contracts to enforce stricter cybersecurity practices, Neuberger said. In doing so, she said, the United States is following in the footsteps of Australia and the UK.
“The nation’s secrets, the nation’s economy, lies on our telecommunications sector,” she said.
“When I talked with our UK colleagues and I asked, ‘Do you believe your regulations would have prevented the Salt Typhoon attack?’ their comment to me was, we would have found it faster, we would have contained it faster.”
Neuberger said it was a “powerful message.”
In early December, the FBI, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency collectively published a guide instructing telecom companies to mitigate cyber intrusions.
“Those networks are not as defensible as they need to be to defend against a well resourced, capable offensive cyber actor like China,” Neuberger said.
In assessing the Salt Typhoon breach, she said, authorities have found one administrator account that had access to more than 100,000 routers.
“So when the Chinese compromised that account, they gained that kind of broad access across the network,” she said.
Neuberger said officials are looking to segment the telecom networks so that in the event of a cyber attack, the potential damage could be contained.
The Federal Communications Commission on Dec. 5 proposed cybersecurity rules requiring communications service providers to certify annually that they have a plan to protect against cyberattacks.
The rule is waiting for a vote by Jan. 15, Neuberger said, noting that they are eager to see bipartisan support across the commission to see it through.
The Chinese were “very careful about their techniques. They erased logs,” she said. And as “we will never know regarding the scope and scale of this,” she said, the United States is “looking forward.”
An appeals court on Tuesday upheld the Federal Communications Commission’s decision to bar China Unicom Americas, the U.S. operation of a top Chinese state wireless carrier, from accessing the U.S. telecom market.
Neuberger said more actions will be coming out in the next few months.
“Let’s lock down this infrastructure. And frankly, let’s hold the Chinese accountable for this,” she said.