CISA, FBI say US government officials’ call data exfiltrated by Chinese hackers
Chinese state-sponsored hackers accessed and collected the communications of a number of U.S. government officials, according to U.S. cyber agencies.
According to a joint statement released by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), investigations into Chinese government spying on US telecommunications companies found that malicious actors gained access to the networks of several American telecommunications companies.
“Specifically, we identified that PRC-affiliated actors compromised the networks of multiple telecommunications companies to enable the theft of customer call recording data, compromising the private communications of a limited number of individuals principally involved in governmental or political activities, and the copying of certain information which was the subject of requests from American law enforcement pursuant to court decisions,” says the press release, published Wednesday, November 13.
“We expect our understanding of these compromises to improve as the investigation continues.”
The findings come as U.S. agencies confirmed in October that a Chinese state-sponsored threat actor had breached several U.S. telecom carriers.
AT&T, Verizon and Lumen Technologies had all been hacked by the UNC2286 group, better known as Salt Typhoon.
“The United States Government is investigating unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China,” the FBI and CISA said at the time.
“After the FBI identified specific malicious activity targeting the industry, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, provided technical assistance, and quickly shared information to help other potential victims.”
According to sources speaking to the WSJ, the threat actors had maintained access to the network “for months or longer,” which allowed them to collect a large amount of call data from millions of U.S. customers.
Chinese state-sponsored threat actors have been observed using living-off-the-land techniques to maintain a presence on a victim network for extended periods of time.
A joint advisory released by the Five Eyes information-sharing alliance in February revealed that China’s state-sponsored hacking group, Volt Typhoon, may have had access to the computer networks of critical infrastructure providers for at least five years.
“CISA, NSA, FBI [as well as US critical infrastructure agencies and the Five Eyes alliance] … is issuing this advisory to alert critical infrastructure organizations of this assessment, which is based on observations of U.S. authoring agencies’ incident response activities with critical infrastructure organizations compromised by the state-sponsored cyber group of the PRC known as Volt Typhoon (also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite and Insidious Taurus),” says the press release.