The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday accused threat actors affiliated with the People’s Republic of China (PRC) of carrying out a “broad and significant cyber-espionage campaign” against multiple commercial telecommunications infrastructures.
The hackers infiltrated the networks of several telecommunications companies, allowing them to gather customer call records and access the private communications of a limited number of individuals primarily involved in government and politics.
Further, the two agencies said the hackers also duplicated certain information requested by U.S. law enforcement under court orders.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” reads the joint statement released by CISA and the FBI on Wednesday.
While the officials did not disclose the names of the telecommunications companies impacted by the hack, they did indicate that their understanding of these breaches is likely to deepen as the investigation progresses.
The agencies have also encouraged organizations that believe they were affected by the breach to contact their local FBI field office or CISA.
“The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) continue to render technical assistance, rapidly share information to assist other potential victims, and work to strengthen cyber defenses across the commercial communications sector. We encourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.”
The recent joint statement follows CISA and the FBI’s confirmation in late October of a hack attributed to a Chinese hacking group known as Salt Typhoon (aka Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) that had breached some major broadband providers in the U.S., including Verizon, AT&T, and Lumen Technologies.
The joint statement also confirms previous media reports that the threat group had accessed U.S. federal government systems involved in court-authorized network wiretapping requests.