U.S. officials said Tuesday that a Chinese-backed hacker group called Salt Typhoon continues to attack the networks of the nation's largest phone and internet providers, weeks after a long-running hacking campaign first came to light. announced that it had invaded some parts of the country.
Cybersecurity agency CISA said in a call with reporters that the affected telecom companies are still working to eliminate the hackers, in part because the hackers' objectives are unclear.
News first broke in October that Salt Typhoon was lurking deep within the networks of AT&T, Verizon, Lumen (formerly CenturyLink) and others. T-Mobile was targeted, but said it had largely repelled the attackers. This access gave Chinese hackers real-time access to unencrypted calls, text messages, and metadata about the senders and recipients of communications as they traveled through the phone company's networks.
U.S. officials believe the industry-wide hack is an attempt by China to carry out widespread espionage after hackers were found to have accessed communications of senior U.S. government officials, including U.S. officials and presidential candidates. We believe that this may be the case. Salt Typhoon is also believed to be targeting systems that house many of the U.S. government's requests, which could help identify Chinese individuals under U.S. government surveillance.
In a conference call Tuesday, CISA and FBI officials urged Americans to use encrypted messaging apps to avoid wiretapping of communications by Chinese spies and other hacker groups.
“Encryption is your friend, whether it's text messages or the ability to use encrypted voice communications,” the CISA official said.
Signal and WhatsApp are among the most popular end-to-end encrypted messaging apps, preventing anyone, including app makers, from accessing your communications. The U.S. government also provided guidance on how to strengthen the security of communications networks. It said it has strengthened the network of Chinese-backed hackers and noted that each victim company's remediation efforts are different.