Chinese cybercriminal groups attack commercial telecoms infrastructure

Updated on 13/11/2024

13/11/2024

In late October, the FBI and CISA reported that the Chinese APT group Salt Typhoon (also known as Earth Estries, FamousSparrow, Ghost Emperor and UNC2286) was behind attacks on several internet providers such as AT&T, Verizon and Lumen Technologies. However, the investigation continued and in a second joint statement, they confirmed that these actions are part of a cyber espionage campaign targeting the telecommunications sector.

While the investigation is ongoing and further victims are not ruled out, it is understood that the cybercriminals had access to these companies for months, which has allowed them to obtain a vast amount of information on users and companies (both large and small), including call records and information subject to court orders by US law enforcement agencies. Private conversations of a small group of individuals belonging to the government or political organisations were also compromised.

References

13/11/2024

cisa.gov

Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure
13/11/2024

fbi.gov

Joint Statement from FBI and CISA on the People's Republic of China Targeting of Commercial Telecommunications Infrastructure
13/11/2024

bleepingcomputer.com

US govt officials’ communications compromised in recent telecom hack
13/11/2024

politico.com

China-linked hackers stole wiretap data from telcos, FBI and CISA say
14/11/2024

therecord.media

US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps
14/11/2024

reuters.com

China-linked hackers stole surveillance data from telecom companies, US says

Etiquetas