The major US telecom providers, AT&T and Verizon, have confirmed the full recovery of their systems following cyberattacks attributed to the Chinese state-linked cyberespionage group, Salt Typhoon. Both companies collaborated with law enforcement to mitigate the damage from these attacks, which targeted sensitive information related to foreign intelligence.
Salt Typhoon’s Espionage Campaign Targets US Telecom Infrastructure
According to US government sources, Salt Typhoon has targeted at least nine telecommunications companies. While the full impact of the attacks on AT&T and Verizon remains undisclosed, the focus appears to have been on targeted espionage. The FBI and CISA officially acknowledged these attacks on US telecom infrastructure in October. Previous reports indicated Verizon was a target, with high-profile individuals like Donald Trump and Senator JD Vance potentially in the crosshairs.
Covert Access and Surveillance Concerns
In September, The Wall Street Journal reported that state-sponsored hackers attempted to infiltrate broadband networks to gain covert access to infrastructure and data. Subsequent reports identified Verizon, AT&T, and Lumen as targets of Salt Typhoon. One concerning finding suggests the hackers may have monitored US government surveillance efforts targeting Chinese threats, including FBI investigations. AT&T’s statement to Bloomberg corroborated this, confirming the attackers sought information about foreign intelligence.
Following these incidents, the Cybersecurity and Infrastructure Security Agency (CISA) issued comprehensive mobile communication security guidelines for senior government officials, politicians, and other high-value targets to counter state-linked cyberespionage. Verizon disclosed that a limited number of high-profile customers in government and politics were targeted. Both AT&T and Verizon say their systems are now secure.
Salt Typhoon: GhostEmperor and FamousSparrow
Microsoft, also assisting with investigations, identifies Salt Typhoon as a Chinese-origin threat actor also known as GhostEmperor and FamousSparrow. This group is distinct from Silk Typhoon, another Chinese cyberespionage operation previously identified by Microsoft, which targeted healthcare, law firms, education, defense contractors, think tanks, and NGOs in the US and internationally.
AT&T Faces Multiple Security Breaches in 2024
These attacks mark another security challenge for AT&T in 2024. Earlier this year, the company confirmed a data breach resulting in the exposure of over 7 million active accounts and more than 65 million past subscriber records on the dark web. Subsequently, AT&T revealed another incident where customer data, including call and message logs, was stolen from a third-party cloud platform.
Conclusion: Heightened Security Measures Essential
The recent attacks highlight the escalating threat of state-sponsored cyberespionage against critical infrastructure. The swift response and collaboration between telecom providers and law enforcement were crucial in mitigating the impact. However, these incidents underscore the need for continuous vigilance and enhanced security measures to protect against future threats. The telecommunications sector, particularly companies handling sensitive government and political data, must prioritize robust cybersecurity protocols and proactive threat detection to safeguard their networks and customer information.