How Much Damage Did China Do With Latest U.S. Telecom Hack?

A ninth telecom network in the U.S. has fallen victim to the Chinese-linked Salt Typhoon hacking group, prompting urgent action from the government to bolster cybersecurity defenses.

At a Glance

  • Salt Typhoon, a Chinese state-backed hacking group, has infiltrated nine U.S. telecom networks
  • The group targets high-profile political figures and steals substantial amounts of American data
  • U.S. government is implementing stricter cybersecurity regulations for telecom companies
  • White House attributes breaches to telecom companies’ failure to implement basic security measures
  • Efforts are underway to build defensible infrastructure and enforce stricter cybersecurity practices

Salt Typhoon’s Escalating Threat

The Salt Typhoon hacking group, also known by aliases such as Earth Estries and GhostEmperor, has emerged as a significant cyber threat to U.S. telecommunications networks. This Chinese state-backed group has successfully infiltrated nine telecom networks, targeting government, technology sectors, and high-profile political figures.

China just keeps getting away with this.

The group’s advanced capabilities include the use of sophisticated malware like “GhostSpider,” specifically designed to breach telecom networks. Salt Typhoon exploits both known and zero-day vulnerabilities in various systems, including Ivanti Connect Secure VPN and Microsoft Exchange, enabling prolonged surveillance and data extraction.

Impact on National Security

The breaches have raised significant national security concerns. In one alarming incident, attackers gained access to an administrator account controlling over 100,000 routers and erased logs of their actions. While fewer than 100 individuals were directly impacted, the focus on those located in Washington, D.C., suggests potential espionage motives.

“Among Salt Typhoon’s arsenal is the advanced ‘GhostSpider’ backdoor malware, specifically engineered to infiltrate telecommunications networks,” Sıla Özeren said.

The hackers targeted phones and data of high-profile individuals, including President-elect Donald Trump and Vice President-elect JD Vance. Major telecom companies like Verizon, AT&T, and CenturyLink have been affected, with the campaign spanning dozens of nations.

U.S. Government Response

The White House has identified critical areas for telecom companies to improve, including configuration management, vulnerability management, network segmentation, and sector-wide information sharing. Anne Neuberger, a senior cybersecurity official, emphasized the gravity of the situation.

“The reality is that from what we’re seeing regarding the level of cybersecurity implemented across the telecom sector, those networks are not as defensible as they need to be to defend against a well-resourced, capable offensive cyber actor like China,” Anne Neuberger said.

In response to the threats, various government agencies are taking action. The Justice Department has named China, Cuba, Iran, North Korea, Russia, and Venezuela as countries of concern for exploiting U.S. data. The Department of Health and Human Services has proposed rules to enhance cybersecurity in the healthcare system, while the Cybersecurity and Infrastructure Security Agency has advised senior government officials to use encrypted communications.

The Federal Communications Commission has since proposed new cybersecurity rules for communications service providers. The FBI, CISA, and NSA have published a guide for telecom companies to mitigate cyber intrusions. These efforts aim to build a more defensible infrastructure and enforce stricter cybersecurity practices in government contracts.

The incoming Trump admin needs to take this problem on. Urgently.