Washington — Federal authorities are urgently investigating a cyberattack linked to China-backed hackers that targeted major U.S. telecommunications companies and systems used for key government intelligence collection capabilities, a U.S. official familiar with the matter confirmed to CBS News.
The hacking group known as “Salt Typhoon” hit numerous companies including Verizon, AT&T and Lumen Technologies. The official, who spoke on the condition of anonymity, said the depth and the severity of the hack are not yet clear.
According to the official, the Chinese hackers breached systems used by U.S. intelligence to conduct wiretaps, and both government agencies and the affected private companies are trying to ascertain what information, if any, the malign actors were able to collect.
The hack was first reported by the Wall Street Journal. The FBI and other federal agencies, including the Cybersecurity and Infrastructure Security Agency, are currently investigating the cyber breach. The FBI, the Justice Department and CISA did not comment.
AT&T and Lumen Technologies declined to comment on this report. Verizon did not immediately respond to CBS News’ request for comment.
What did the hackers target?
U.S. intelligence officials routinely seek court authorization to use telecom systems like those targeted in the breach to collect information for law enforcement or national security probes. The U.S. official told CBS News the China-backed hackers targeted U.S. surveillance capabilities used for operations including wiretaps, and investigators are now trying to determine how deeply the Chinese accessed the networks.
One fear is that the cyberattacks could have allowed the hackers to access information about ongoing U.S. investigations — including those tied to China — through the collection of sensitive data and techniques.
What are U.S. lawmakers saying?
In light of the reported hack, Sen. Ron Wyden, a Democrat from Oregon, urged the Justice Department and Federal Communications Commission to set mandatory, uniform security standards in place for telecom companies’ wiretapping systems.
“The recently reported hack of U.S. telecommunications companies’ wiretapping systems should serve as a major wake-up call to the government,” Wyden said in a letter to FCC Chair Jessica Rosenworcel and Attorney General Merrick Garland. “The outdated regulatory framework and DOJ’s failed approach to combating cyberattacks by protecting negligent corporations must be addressed. The security of our nation’s communications infrastructure is paramount, and the government must act now to rectify these longstanding vulnerabilities.”
Specifically, Wyden asked the FCC to establish “baseline” cybersecurity standards for the telecom companies enforceable by fines, and require independent annual third-party cybersecurity audits, among other things.
He asked the Justice Department to hold “negligent” corporations accountable and be transparent about data breaches with Congress, investigators and the public. He said the government should prioritize corporate accountability for poor cybersecurity over prosecuting foreign hackers, since those hackers are rarely successfully brought to justice.
What else has China done?
FBI Director Christopher Wray and other top U.S. officials have long warned about the cyber threats posed by China. Hackers backed by the Chinese government recently targeted U.S. water treatment plants and electrical grids, strategically positioning themselves within critical infrastructure systems to “wreak havoc and cause real-world harm to American citizens and communities,” Wray told Congress in January.
Earlier this year, officials at CISA issued a public advisory that alleged that hackers backed by China “are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”
And in recent years, federal officials at the Justice Department have warned of China’s push to steal sensitive U.S. technological information to advance their own domestic capabilities.
A yearslong cyber operation spearheaded by a notorious Chinese state actor known as APT 41 siphoned off an estimated trillions of dollars’ worth of intellectual property from about 30 multinational companies within the pharmaceutical, energy and manufacturing industries, CBS News reported in 2022. That included sensitive data spanning companies in North America, Europe and Asia.
Margaret Brennan,
and
Nicole Sganga
contributed to this report.