CISA and FBI say Chinese hackers exfiltrated call data from US government officials

Chinese state-sponsored hackers have accessed and collected the communications of several US government officials, according to US cyber agencies.

In a joint statement released by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), investigations into Chinese government spying on US telecommunications companies revealed that threat actors had gained access to the networks of multiple US telecommunications companies.

“Specifically, we have identified that actors affiliated with the People’s Republic of China have compromised networks at multiple telecommunications companies to enable the theft of customer call log data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activities, and the copying of certain information that was subject to requests by US authorities pursuant to court orders,” said the statement issued on Wednesday (Nov. 13).

“We hope that our understanding of these compromises will grow as research continues.”

The findings come as US agencies confirmed in October that a Chinese state-sponsored threat actor had breached several US telecommunications companies.

AT&T, Verizon and Lumen Technologies had been breached by the UNC2286 group, better known as Salt Typhoon.

“The United States government is investigating unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China,” the FBI and CISA said at the time.

“After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, provided technical assistance, and quickly shared information to help other potential victims.”

According to sources who spoke to WSJ, the threat actors had maintained access to the network “for months or longer,” allowing them to collect a large amount of call data from millions of American customers.

Chinese state-sponsored threat actors have been observed using living-off-the-land techniques to maintain a presence in victims' networks for long periods.

A joint advisory published by the Five Eyes information-sharing alliance in February revealed that the Chinese state-sponsored hacking group Volt Typhoon may have had access to the IT networks of critical infrastructure providers for at least five years.

“CISA, NSA, FBI [as well as US critical infrastructure agencies and the Five Eyes alliance] …are publishing this notice to warn critical infrastructure organizations about this assessment, which is based on observations of incident response activities by the U.S. author agencies at critical infrastructure organizations compromised by the cyber group sponsored by the PRC state known as Volt Typhoon (also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite and Insidious Taurus),” the statement said.
