October 7th, 2024

AT&T, Verizon reportedly hacked to target US govt wiretapping platform

U.S. broadband providers AT&T, Verizon, and Lumen Technologies were hacked by the Chinese group Salt Typhoon, potentially compromising government wiretapping systems. Investigations into the breach and its impact are ongoing.


Multiple U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies, have reportedly been hacked by a Chinese hacking group known as Salt Typhoon. The breach appears to be aimed at intelligence collection, potentially allowing the hackers access to systems used by the U.S. federal government for court-authorized wiretapping requests. The exact timing of the intrusion is unclear, but it is believed that the hackers may have maintained access for several months. The attack was discovered recently and is currently under investigation by the U.S. government and cybersecurity experts. Salt Typhoon, which has been active since at least 2019, is known for targeting government entities and telecommunications companies, particularly in Southeast Asia. The group has previously exploited vulnerabilities in Microsoft Exchange Server to gain initial access to networks. Investigators are exploring various avenues for how the recent breach occurred, including potential vulnerabilities in Cisco routers, although Cisco has stated that there is no evidence of their equipment being involved. The full impact of the breach, including the amount and type of data exfiltrated, is still being assessed.

- AT&T, Verizon, and Lumen Technologies were hacked by the Chinese group Salt Typhoon.

- The breach may have allowed access to U.S. government wiretapping systems.

- Salt Typhoon has been active since 2019, targeting government and telecom sectors.

- Investigations are ongoing to determine the breach's impact and access methods.

- Cisco routers are being examined as a potential entry point for the hackers.

Related

Chinese hackers access US telecom firms, worrying national security officials


Chinese government-linked hackers infiltrated U.S. telecom firms, accessing sensitive information. The Chinese Embassy denies allegations, while U.S. officials and cybersecurity experts investigate the skilled hacking group, Salt Typhoon.

Government Wiretaps in U.S. Internet Providers Infiltrated by Chinese Hackers


Chinese hackers infiltrated U.S. internet providers' wiretap systems, affecting AT&T, Verizon, and Lumen Technologies. The breach raises concerns about government surveillance security and potential vulnerabilities in technology.

Chinese hackers breached US court wiretap systems, WSJ reports


Chinese hackers breached U.S. broadband providers, accessing court wiretap systems for months. The Chinese government denied involvement, attributing the incident to the hacking group "Salt Typhoon" amid ongoing cyber espionage concerns.

Government Wiretaps in U.S. Internet Providers Infiltrated by Chinese Hackers


Chinese hackers infiltrated U.S. internet providers, accessing government wiretap systems undetected for months. Major companies affected include AT&T and Verizon, raising significant national security concerns about surveillance system vulnerabilities.

China hacked Verizon, AT&T and Lumen using the FBI's backdoor


Chinese hackers linked to state-sponsored groups infiltrated U.S. telecom networks using FBI-mandated backdoors, intercepting communications and raising concerns about vulnerabilities and the balance between national security and telecom integrity.

13 comments
By @NelsonMinar - 4 months
It used to be the US government worked to secure American communications. But between these backdoors and the NSA losing control of exploits thanks to the Shadow Brokers, they do more now to undermine American security than protect it.
By @neom - 4 months
Does it drive anyone else nuts when they throw in something related to the main article like this:

"Security researchers also found that the threat actor attacked hotels, engineering companies, and law firms in Brazil, Burkina Faso, South Africa, Canada, Israel, France, Guatemala, Lithuania, Saudi Arabia, Taiwan, Thailand, and the United Kingdom."

but that isn't in the main article and they don't say where they got that information from?

By @photochemsyn - 4 months
Sounds like another government-approved leak to a compliant corporate media outlet by 'anonymous sources'. I don't know why the relevant government agencies don't just issue a press release unless they're unusually embarrassed by this apparent security failure. The other possibility is the story is no more true than all those 'anonymous source' leaks about Iraq's (nonexistent) chemical, biological and nuclear weapons programs from two decades ago.

If we're not going to accept Seymour Hersh's anonymously-sourced claim that the US Navy was involved in the destruction of the Nord Stream pipelines, why accept this claim at face value either? For an example of reporting of a major hacking incident not reliant on anonymous government sources, see the OPM hack:

https://www.nytimes.com/2015/06/05/us/breach-in-a-federal-co...

Notably, the WSJ source report doesn't include any mention of reporters attempting to get official statements from the relevant US government agencies and being rebuffed. That smells like plausible deniability of the kind involved in the bogus Iraq WMD leaks.

By @TriangleEdge - 4 months
The article didn't say, but I'm guessing the target could have been JSI Telecom. I knew some people that worked for JSI ~10 years ago and the US govt used their platform in a handful of organizations.
By @MassPikeMike - 4 months
From the article: "if hackers gained access to service providers’ core routers, it would leave them in a powerful position to steal information..."

Sorry for the newbie question, but isn't most internet traffic end-to-end encrypted these days? So what information would the hackers, or for that matter the "lawful intercept" system, have been able to steal? I do see how accessing routers would let intruders launch malware, spoof other sites for phishing attacks, etc.

By @xyst - 4 months
I hate how numb I have gotten to data breaches due to the incompetence of these companies. All of the major US cellular networks have all been hacked to a certain degree.
By @r721 - 4 months
Original WSJ story (unpaywalled): https://archive.is/RqwMQ
By @Hizonner - 4 months
Well, that's what happens when you deliberately compromise your own infrastructure with "lawful intercept" back doors.
By @CatWChainsaw - 4 months
So maybe surveilling everything everywhere at all times has its downsides, TLAs?
By @phendrenad2 - 4 months
Tech imitates life. Hyenas specialized in chasing lions away from their prey.
By @olliej - 4 months
Happily, this kind of attack would not compromise secure communication with government mandated "secure intercept" technology, because of magic fairy dust reasons :-/
By @jeroenhd - 4 months
Targeting wiretapping infrastructure may be a viable attack, but with how few details are available to the public, it's hard to estimate the impact. Just because a wiretapping platform was hacked doesn't mean any data was gathered, and if it really was, we don't know what kind of data.

Thanks to mobile networks, information can be anything from live internet traffic to live location information of cars and phones. However, I suspect if someone did a hack that juicy, carrier SOCs would've noticed immediately. This type of infrastructure isn't exactly hooked up to a public IP address somewhere.