White House: Salt Typhoon hacks possible because telecoms lacked basic security measures

In an update Friday, the White House says nine telecom companies were impacted by the Chinese espionage effort.

The White House said Friday that as the U.S. government continues to assess the damage caused by the Salt Typhoon hacks, the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure. 

Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, told reporters Friday that the Biden administration has further zeroed in on how these companies can improve their cybersecurity, particularly by sharing threat-hunting guides and instructions for hardening systems. These guides, shared with telecom companies, have unearthed a new victim, bringing the total of affected companies to nine.

In a previous briefing this month, Neuberger said that while the impacted telecommunications companies are currently working to expel the hackers from their networks, the risk of further breaches remains high until cybersecurity gaps are fully addressed. In Friday’s briefing, she shared more details on some of the flaws that have been uncovered in telecom systems, which allowed the threat actors to carry out their actions. 

In one incident response case, it was found that the attackers, who are believed to be state-affiliated actors from China, obtained credentials to one administrator account that had access to over 100,000 routers. Additionally, the group erased logs of its actions, and the logs that did remain were inadequate for determining the size and scope of the hack.

“The reality is that from what we’re seeing regarding the level of cybersecurity implemented across the telecom sector, those networks are not as defensible as they need to be to defend against a well-resourced, capable offensive cyber actor like China,” Neuberger said. 

The White House still cannot definitively say the actors have been removed from the telecom networks. Neuberger said the number of individuals directly impacted is “less than 100.” However, she said the Chinese were interested in a large number of individuals who were geo-located in the Washington, D.C. area, with “the goal of identifying who those phones belong to and if they were government targets of interest for follow-on espionage and intelligence collection of communications.”

The attackers are believed to have targeted the phones and data of President-elect Donald Trump and Vice President-elect JD Vance, among others.

In the aftermath of the breaches, Neuberger said the White House has outlined four areas where telecom companies can improve their cybersecurity: configuration management, vulnerability management, network segmentation, and sector-wide information sharing. She also expressed support for the new rules pushed forth by the Federal Communications Commission that would force telecoms to further harden their networks. 

The White House says these rules would follow similar regulations in Australia and the U.K., which have been in place since 2018 and 2022, respectively. 

“When I talked with our U.K. colleagues and I asked, ‘do you believe your regulations would have prevented the Salt Typhoon attack?’, their comment to me was, ‘we would have found it faster. We would have contained it faster, [and] it wouldn’t have spread as widely and had the impact and been as undiscovered for as long,’ had those regulations been in place,” Neuberger said. “That’s a powerful message.” 
