The Chinese government espionage campaign that has deeply penetrated more than a dozen U.S. telecommunications companies is the
“worst telecom hack in our nation’s history — by far,”
senior U.S. senator Mark Warner told The Washington Post in an interview this week.
The hackers, part of a group dubbed #Salt #Typhoon, have been able to listen in on audio calls in real time
and have in some cases moved from one telecom network to another,
exploiting relationships of “trust,”
said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist.
Warner added that intruders are still in the networks.
Though fewer than 150 victims have been identified and notified by the FBI
(most of them in the Washington, D.C., region), the records of people those individuals have called or sent text messages to run into the “millions,” he said,
“and that number could go up dramatically.”
Those records could provide further information to help the Chinese identify other people whose devices they want to target, he said.
“My hair’s on fire,” Warner said.
Those details, some previously undisclosed, add to the alarming understanding of the scope of the hack since late September,
when the U.S. government was alerted to it.
“The American people need to know” how serious the intrusion is, Warner said.
The hackers targeted the phones of President-elect Donald Trump,
his running mate JD Vance,
as well as people working for the campaign of Vice President Kamala Harris
and State Department officials.
The effort was not directly election-related, Warner noted,
as the hackers got into the telecom systems months earlier
— in some cases more than a year ago.
The networks are still compromised and booting the hackers out could involve physically replacing
“literally thousands and thousands and thousands of pieces of equipment across the country,”
specifically outdated routers and switches, Warner said.
“This is an ongoing effort by China to infiltrate telecom systems around the world,
to exfiltrate huge amounts of data,” he said.
The Salt Typhoon telecom breach makes Colonial Pipeline and SolarWinds
— major cyberattacks linked, respectively, to Russian-speaking criminals and to the Russian government
— “look like child’s play,” Warner said.
The Salt Typhoon hack is seen by government officials as an espionage operation rather than pre-positioning for critical infrastructure sabotage.
Hackers have acquired access to the system that logs U.S. law enforcement requests for criminal wiretaps,
allowing the Chinese to know who is of interest to authorities.
There is no evidence so far that hackers have compromised the collection system itself through which law enforcement listens in on wiretapped calls,
said U.S. officials, speaking on the condition of anonymity because of the matter’s sensitivity.
The calls on which Chinese hackers were able to listen in were not part of the “lawful intercept,” or wiretap, system, officials said.
But hackers also had access to unencrypted communications, including text messages.
End-to-end encrypted communications such as those on the Signal platform are believed to be protected, officials said.
The Post previously reported that the hackers were able to reconfigure Cisco routers to exfiltrate data from Verizon networks.
The FBI is investigating the intrusion, along with other federal agencies.
“Specifically, we have identified that [Chinese government]-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data,
the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity,
and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,”
the FBI said in a statement issued with the Cybersecurity and Infrastructure Security Agency earlier this month.
So far, the hack is known to have affected major U.S. firms such as AT&T, Verizon and T-Mobile, U.S. and industry officials said.
“This is massive, and we have a particularly vulnerable system,” Warner said.
“Unlike some of the European countries where you might have a single telco, our networks are a hodgepodge of old networks. ...
The big networks are combinations of a whole series of acquisitions, and you have equipment out there that’s so old it’s unpatchable.”
https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/