Saturday, December 7, 2024

Chinese Hackers Breached Deep Into US Telecom to Spy on Calls and Texts


In a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network connections.

The revelations come as investigators scramble to understand the full scope of the intrusion.

“The barn door is still wide open, or mostly open,” said Senator Mark Warner, chairman of the Senate Intelligence Committee and a former telecommunications executive.


Speaking in an interview on Thursday, Warner expressed shock over the depth of the breach, which was linked to a Chinese intelligence group known as “Salt Typhoon.”

The hack was initially discovered by Microsoft during the summer of 2024 and is the “worst telecom hack in our nation’s history by far,” said a senior U.S. senator.

Chinese government-linked actors have hacked multiple telecom networks, stealing customer call records, targeting private communications of government and political figures, and copying data from U.S. law enforcement court orders, according to the FBI and CISA.


Hack Targeted Conversations of Key Officials

Investigators revealed that the breach allowed hackers to monitor phone calls and text messages involving prominent Americans, including President-elect Donald J. Trump and Vice President-elect JD Vance.

While encrypted communication services like WhatsApp, Signal, or iMessage remained secure, hackers intercepted unencrypted texts and calls made over traditional phone networks.

The intrusion targeted national security officials, politicians, and their staff, enabling the hackers to listen to specific conversations during limited periods.

However, investigators believe the hackers lacked the ability to access past call recordings. Instead, they collected metadata, including phone numbers, call durations, and location data, which can yield valuable intelligence.

A Nationwide Network Breach

Hackers exploited vulnerabilities in aging telecommunications equipment and the seams between networks operated by major carriers such as Verizon, AT&T, and T-Mobile.

Initially, investigators believed the breach was confined to systems used for court-ordered surveillance. However, new findings show the intrusion extended far deeper, affecting every major U.S. telecommunications provider.

China’s hacking efforts have evolved over two decades, transitioning from stealing intellectual property and military blueprints to targeting sensitive government data.

Past examples include the theft of security clearance files for over 22 million Americans during the Obama administration.

Unlike Russia’s high-profile disruptions, such as the 2020 SolarWinds software hack or the Colonial Pipeline attack, China’s approach has been more covert, focusing on long-term intelligence gains. U.S. officials now believe the recent activity reflects a shift toward deeper, systemic infiltration.

Since the breach was exposed, Chinese hackers have seemingly withdrawn, making it harder for investigators to map their full activities.

Warner cautioned that the hackers may not have been fully expelled from U.S. networks. “We’ve not found everywhere they are,” he said, emphasizing the need for continued investigation.

Warner also urged transparency to alert the public to the severity of the breach. “We have to let the American people know this,” he stated.

Lessons from Allies

Australia and Britain have already implemented minimum cybersecurity standards for their telecommunications systems following similar breaches.

Warner expressed hope that the U.S. would follow suit, using this incident as a wake-up call to strengthen its defenses.

With U.S. officials still uncovering the extent of the intrusion, the breach underscores critical vulnerabilities in the nation’s telecommunications infrastructure and raises alarms about the potential long-term consequences of such widespread access by hostile actors.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
