Date: 2024-11-20

The FBI and CISA revealed this month that a Chinese nation-state threat group breached several U.S. telecommunications carriers, activity that reflects the scale and severity of China's hacking efforts.

The agencies confirmed recent reports of telecom breaches in a joint statement published last week, saying the People's Republic of China (PRC) was conducting a "broad and significant cyber espionage campaign" to spy on government and political leaders.

"Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders," the joint statement read.

This statement came more than a month after The Wall Street Journal (WSJ) broke a story regarding the Chinese government breaching U.S. telecom and broadband providers such as Verizon, Lumen Technologies and AT&T. T-Mobile later confirmed it had been compromised as well, though the exact extent remains unclear. The WSJ reported the attacks were carried out by a Chinese nation-state group known as Salt Typhoon.

The compromise of multiple telecom giants follows a slew of PRC-related threat activity in recent months. On Friday, Volexity reported that a Chinese APT was exploiting a vulnerability in Fortinet's Windows VPN client that was first reported to the vendor in July. Additionally, the U.S. government disrupted two Chinese state-sponsored botnets, once early in the year and once in September, that threat actors were using to conduct attacks against a variety of organizations.

