White House: Chinese telecom hacks have been in motion for years
A White House official says the Salt Typhoon hack has impacted eight telecom companies in the United States, with dozens of other countries also affected, and has been in motion for as long as two years.
The information comes as U.S. administration officials said earlier this week that the hacking group, linked to the Chinese government, is still believed to be in U.S. telecom networks. The government began investigating the breach this past spring, and are continuing to assess its full scope.The spying efforts targeted officials from both presidential campaigns, including the phone of President-elect Donald Trump.
Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said Wednesday the Chinese campaign “has affected dozens of countries around the world.” She also reiterated what other government officials said earlier this week: the attackers are most likely still inside the telecom networks.
“There is a risk of ongoing compromises to communications,” Neuberger said. “Until U.S. companies address cybersecurity gaps, the Chinese are likely to maintain their access.”
Administration officials did not reveal the full list of companies impacted, nor did they share the countries that may have been affected. However, the White House noted that Chinese cyberespionage efforts have been discovered in the past few years targeting Europe and the Indo-Pacific region.
Neuberger said a unified coordination group was established in response to the hack, which meets several times a week. President Joe Biden has been briefed multiple times on the situation.
She also emphasized that the targets were among a handful of prominent government and political officials, but the attack “was broad in terms of potential access to communications of everyday Americans.” The White House also believes classified communications were unaffected.
The impacted telecommunications companies are currently working to expel the hackers from their networks, but Neuberger said the risk of further breaches remains high until these cybersecurity gaps are fully addressed. The administration has recently convened discussions with telecommunications CEOs and cybersecurity experts to reinforce security measures across the sector.
Earlier this week, a host of agencies released communication infrastructure-focused guidance. The agencies responsible were CISA, the National Security Agency, the Federal Bureau of Investigation, the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Cyber Security Centre and New Zealand’s National Cyber Security Centre.
