In a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network connections.
The revelations come as investigators scramble to understand the full scope of the intrusion.
“The barn door is still wide open, or mostly open,” said Senator Mark Warner, chairman of the Senate Intelligence Committee and a former telecommunications executive.
Speaking in an interview on Thursday, Warner expressed shock over the depth of the breach, which was linked to a Chinese intelligence group known as “Salt Typhoon.”
The hack was initially discovered by Microsoft during the summer of 2024 and is the “worst telecom hack in our nation’s history by far,” Warner said.
Chinese government-linked actors have hacked multiple telecom networks, stealing customer call records, targeting private communications of government and political figures, and copying data from U.S. law enforcement court orders, according to the FBI and CISA.
Investigators revealed that the breach allowed hackers to monitor phone calls and text messages involving prominent Americans, including President-elect Donald J. Trump and Vice President-elect JD Vance.
While encrypted communication services like WhatsApp, Signal, or iMessage remained secure, hackers intercepted unencrypted texts and calls made over traditional phone networks.
The intrusion targeted national security officials, politicians, and their staff, enabling the hackers to listen to specific conversations during limited periods.
However, investigators believe the hackers lacked the ability to access past call recordings. Instead, they collected metadata including phone numbers, call durations, and location data which can yield valuable intelligence.
Hackers exploited vulnerabilities in aging telecommunications equipment and the seams between networks operated by major carriers such as Verizon, AT&T, and T-Mobile.
Initially, investigators believed the breach was confined to systems used for court-ordered surveillance. However, new findings show the intrusion extended far deeper, affecting every major U.S. telecommunications provider.
China’s hacking efforts have evolved over two decades, transitioning from stealing intellectual property and military blueprints to targeting sensitive government data.
Past examples include the theft of security clearance files for over 22 million Americans during the Obama administration.
Unlike Russia’s high-profile disruptions, such as the 2020 SolarWinds software hack or the Colonial Pipeline attack, China’s approach has been more covert, focusing on long-term intelligence gains. U.S. officials now believe the recent activity reflects a shift toward deeper, systemic infiltration.
Since the breach was exposed, Chinese hackers have seemingly withdrawn, making it harder for investigators to map their full activities.
Warner cautioned that the hackers may not have been fully expelled from U.S. networks. “We’ve not found everywhere they are,” he said, emphasizing the need for continued investigation.
Warner also urged transparency to alert the public to the severity of the breach. “We have to let the American people know this,” he stated.
Australia and Britain have already implemented minimum cybersecurity standards for their telecommunications systems following similar breaches.
Warner expressed hope that the U.S. would follow suit, using this incident as a wake-up call to strengthen its defenses.
With U.S. officials still uncovering the extent of the intrusion, the breach underscores critical vulnerabilities in the nation’s telecommunications infrastructure and raises alarms about the potential long-term consequences of such widespread access by hostile actors.