U.S. government says Salt Typhoon is still in telecom networks
Telecommunications providers are still trying to evict the Chinese government-linked hackers behind a monumental and sweeping breach that the government began investigating this spring, U.S. administration officials said Tuesday, while also providing guidance they believe can help kick the attackers off the network for good.
Government agencies are also still grappling with the attack’s full scope, the officials told reporters. The hackers, a group known as Salt Typhoon, targeted officials from both presidential campaigns, including the phone of President-elect Donald Trump.
“I think it would be impossible for us to predict a time frame on when we’ll have full eviction,” said Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. “Right now, the hardening guidance that we put out specifically would make the activities that we’ve seen across the victims much harder to continue. In some cases, it might result in limiting their access.”
What has made eviction harder to ensure is that there is no single way the hackers have infiltrated the telecommunications carriers, the officials said. The carriers that the government notified earliest are most aware of those specifics.
“Each victim is unique. These are not cookie-cutter compromises in terms of how deeply compromised the victim might be or what the actor has been able to do,” Greene said. “So it really is case-specific in terms of how to mitigate the specific activity.”
In response to the global hacking campaign tied to the People’s Republic of China, a host of agencies released communication infrastructure-focused guidance. The agencies responsible were CISA, the National Security Agency, the Federal Bureau of Investigation, the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Cyber Security Centre and New Zealand’s National Cyber Security Centre.
An FBI official said that media reports have been incorrect in stating that the system under which the telecommunications companies comply with government surveillance requests — the Communications Assistance to Law Enforcement Act (CALEA) — was the primary focus of the Salt Typhoon campaign. It was “only one of several targets for these actors’ collection once they got into the networks,” the official said.
“It’s really important to emphasize that our focus right now is to illuminate what the PRC did and where they had access so we can successfully remove them from across the sector,” the official said. “We continue to closely work with the companies to hunt for the activity.”
While the officials wouldn’t say how many victims they had notified or identified, “the facts and scope are expected to continuously evolve.”
The government still needs to work with the telecommunications providers on whether, in the long term, they will need to replace equipment, Greene said.