The U.S. government has confirmed that hackers with links to China breached multiple U.S. telecommunication service providers to access wiretap systems used by law enforcement to surveil Americans.
In a joint statement published on Monday, CISA and the FBI said they had uncovered “a broad and significant” cyber espionage campaign that saw PRC-affiliated actors compromise networks at “multiple telecommunications companies” in the United States.
Although CISA and the FBI did not name the breached organizations, AT&T, Lumen (formerly CenturyLink), and Verizon are reportedly among the affected telecom providers, according to The Wall Street Journal.
The WSJ reported that Chinese hackers had access to these networks “for months or longer,” which allowed them to collect “internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers.”
Government agencies confirmed on Monday that the breaches enabled “the theft of customer call records data” and “the compromise of private communications of a limited number of individuals.”
The agencies did not name the individuals targeted, but said they were “primarily involved in government or political activity.” Last month, reports indicated that hackers linked to China had targeted the phones of then-presidential nominee Donald Trump and his running mate, Sen. JD Vance.
The PRC hacking campaign also enabled the China-linked hackers — known as “Salt Typhoon” — to copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” according to the statement.
The FBI and CISA previously reported that they were investigating breaches by a China-backed hacking group within several telecommunications providers, but until now had not confirmed whether data was stolen or if the hackers accessed the systems used to fulfill legal wiretap requests.
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector,” the agencies said. “We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.”
