FBI and CISA investigating telecom providers hack by Chinese hackers

The FBI and the United States Cybersecurity & Infrastructure Security Agency (CISA) have disclosed they are investigating multiple unauthorized breaches of commercial telecommunication service providers in the US, possibly carried out by hackers from the People’s Republic of China.
In a joint statement, the intelligence agencies say the affected companies were alerted to the situation immediately. The agencies also provided technical assistance and alerted potential victims of the incident.
“Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector,” the statement says.
Those are all the details the FBI and CISA are willing to share at the moment. They stress the investigation is still ongoing. Businesses and organizations that believe they might be a victim in this matter are encouraged to contact the local field office of the FBI or CISA.
At the beginning of October, The Wall Street Journal reported that multiple broadband service providers, including Verizon, AT&T and Lumen Technologies, had been breached by a Chinese hacking group called Salt Typhoon, also known as GhostEmperor, Earth Estries, FamousSparrow, and UNC2286.
“The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers,” the newspaper wrote.
The amount and type of data that was exfiltrated is still under investigation, people familiar with the case told The Wall Street Journal.
It’s not just the US that’s being targeted by hackers from the People’s Republic of China. The Canadian government issued a press release last week, stating that Chinese hackers have been performing broad network scans against numerous domains in Canada throughout 2024, targeting primarily government organizations, political parties, media organizations, think tanks and NGOs.
“Reconnaissance scanning is not an indication of compromise. It is used to gather information, look for possible vulnerabilities, and may be a precursor to further malicious actions. It is the equivalent of someone walking around a building to see if there is an alarm or security camera, or trying the windows and doors to see which ones are unlocked. It is about gathering information in case they want to return to carry out a crime and figuring out the best way to do it,” the Canadian government said in an attempt to reassure.
Although nothing has happened yet, businesses and organizations are advised to beef up their cybersecurity, for example by implementing multi-factor authentication (MFA), increasing network monitoring for suspicious activities, and teaching employees about phishing and fraudulent emails and messages.
Earlier this week, the Dutch National Coordinator for Counterterrorism and Security (NCTV) warned businesses, institutions and policy makers of ‘digital disruption’ by state-sponsored hackers from China, Russia and North Korea. They carry out ransomware and DDoS attacks in the Netherlands that often result from international ‘geopolitical tensions’.