By hacking into the telecom networks of Verizon, AT&T, and Lumen Technologies, the group affiliated with Beijing accessed critical data for the U.S. government.

On October 11, 2024, The Wall Street Journal reported a cyber-espionage campaign targeting the telecom networks of Verizon, AT&T, and Lumen Technologies, conducted by Salt Typhoon, a group affiliated with China. This new Advanced Persistent Threat (APT) actor allegedly gained access for months to highly sensitive systems of the three operators, which are linked to the U.S. government’s intelligence services.

Journalists detailed intrusions into devices that facilitate electronic communication collections and wiretapping authorized by the U.S. judiciary. The Chinese government may have accessed a wealth of critical information, including the names of Chinese targets being surveilled by Washington. Jamil Jaffer, a former national security official at the White House, called it a “first-order failure in counter-espionage.”

Specifically, Salt Typhoon is said to have exploited backdoors in the networks of the three operators that the U.S. government itself had installed. The CALEA (Communications Assistance for Law Enforcement Act) law allows the executive branch to require telecom operators to implement such devices. The government then uses these backdoors for surveillance and intelligence operations as part of judicial investigations.

This intrusion appears to vindicate critics of this law, who have long warned about the risks of malicious actors misusing these features. Leading this criticism, Senator Ron Wyden has called on Jessica Rosenworcel, Chairwoman of the FCC (the U.S. telecom regulator), and Merrick Garland, U.S. Attorney General, to “acknowledge the failure of their current approach to countering cyberattacks.”

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.