US Telecom Networks Hacked by Chinese State-Funded Group, but Networks Now Clear

The Salt Typhoon hacking group, backed by the Chinese government, has been able to infiltrate US telecom networks, including those of Verizon and AT&T. However, T-Mobile engineers reportedly caught the group running commands on network devices and kicked them off the network before any damage was done.

Verizon and AT&T Networks Cleared

In a statement, Verizon confirmed that the hackers were attempting to gain information about foreign intelligence, while AT&T stated that the targets of these attacks were “a small number of high-profile customers in government and politics.” According to reports, the phones belonging to high-profile Americans, including President-elect Donald Trump and Vice President-elect J.D. Vance, were targeted by this organized hacking group.

Verizon’s Statement

“We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.”

Other Carriers Affected

Back in October, The Wall Street Journal reported that telecom carriers such as AT&T and Verizon were victims of the Salt Typhoon group’s attacks, and the hackers could have accessed the system used by the federal government for court-authorized network wiretapping. On Friday, the White House said that nine telecom companies were hacked by the Chinese state-funded hacking operation.

T-Mobile’s Response

T-Mobile engineers reportedly caught the group running commands on network devices and kicked them off the network before they could obtain information about T-Mobile’s customers.

Metadata Accessed

Part of the information that the Salt Typhoon hackers were able to access from some of the carriers it infiltrated was metadata belonging to a large number of American users. This metadata contained parts of text messages, communication logs, and small parts of audio from voice calls.

AT&T’s Statement

“We detect no activity by nation-state actors in our networks at this time,” AT&T said. “Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest. In the relatively few instances in which an individual’s information was impacted, we have complied with our notification obligations in cooperation with law enforcement.”

Government Response

The Biden administration recently held a closed-door meeting with members of the industry to discuss how to handle the vulnerabilities that can be exploited by the hackers. Attending the meeting was John Stankey, CEO of AT&T. The US government says it doesn’t know how many Americans were targeted in the attack and it is impossible to figure out when the Salt Typhoon attackers will be completely cleared from the US telecom system. Having the networks belonging to AT&T, Verizon, and presumably T-Mobile all clear is a good start.