Probe finds ninth US telecommunications firm hacked by China-backed ‘Salt Typhoon’ hacking group, as companies close security loopholes

A ninth US telecommunications company was hacked as part of a wide-ranging Chinese-backed cyber-espionage campaign, a White House official said, broadening the scope of the hack that first came to light in October.

Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said the White House has begun sharing threat-hunting guides and instructions for hardening systems with telecoms firms.

The guidelines helped to unearth a ninth hacked telecommunications company, in addition to the eight that were previously known to have been compromised by the group designated Salt Typhoon, Neuberger said.

In a previous briefing earlier this month Neuberger said the risk of hacking activity at such companies remains high while they harden their systems.

Security gaps

At a press event on Friday she said ongoing investigations had uncovered basic flaws in security practice that had allowed the earlier hacks to occur.

In one case, for instance, the hackers obtained credentials to a single administrator account that had access to more than 10,000 routers, she said.

“The reality is that from what we’re seeing regarding the level of cybersecurity implemented across the telecom sector, those networks are not as defensible as they need to be to defend against a well-resourced, capable offensive cyber actor like China,” said Neuberger.

She said the White House can still not definitely say the affected networks have removed the hackers from their systems.

She said the number of individuals whose phones were spied on via the attacks numbered “less than 100” and indicated the attackers were focusing on people located in the Washington, DC area.

The hackers “the goal of identifying who those phones belong to and if they were government targets of interest for follow-on espionage and intelligence collection of communications”, she said.

Political espionage

The attacks are believed to have targeted the phones of prominent politicians and other people involved in political activity.

Neuberger said the situation should be aided by draft FCC rules published in early December that would force telecoms companies to harden their networks or face fines.

Similar rules have been in place in Australia since 2018 and the UK since 2022.

“When I talked with our UK colleagues and I asked, ‘do you believe your regulations would have prevented the Salt Typhoon attack?’, their comment to me was, ‘We would have found it faster. We would have contained it faster, [and] it wouldn’t have spread as widely and had the impact and been as undiscovered for as long had those regulations been in place’,” said Neuberger.

“That’s a powerful message.”

China has denied involvement in the attacks.