"A cyberattack tied to the Chinese government penetrated the networks of a wide swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.
For months or longer, the hackers may have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.
Verizon, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently-discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said.
Spokesmen for AT&T, Verizon and Lumen declined to comment on the Salt Typhoon campaign.
Companies are generally required to disclose material cyber intrusions to securities regulators within a short time frame, but in rare cases, federal authorities can grant them an exemption from doing so on national security grounds.
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband firms must allow authorities to intercept electronic information pursuant to a court order.
The attack, and its significance, was discovered in recent weeks and remains under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it, the people said.
The hackers appear to have engaged in a vast collection of internet traffic from internet service providers which count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside of the U.S., the people said.
A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome.
Senior U.S. officials have for years warned about the economic and national security implications of China's multipronged spying operations, which can take the form of human espionage, business investments and high-powered hacking operations.
More recently, officials have been alarmed by alleged efforts by Chinese intelligence officers to burrow into vulnerable U.S. critical infrastructure networks, such as water-treatment facilities, power stations and airports. They say the efforts appear to be an attempt by hackers to position themselves such that they could activate disruptive cyberattacks in the event of a major conflict with the U.S.
The Salt Typhoon campaign adds another piece to the puzzle.
Investigators are still probing the origins of the Salt Typhoon attack and are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, The Wall Street Journal previously reported. A Cisco spokeswoman said earlier that the company is looking into the matter, but has received no indication that Cisco routers were involved. The spokeswoman didn't respond to a request for comment Friday.
China has denied allegations from Western governments and technology firms that it relies on hackers to break into foreign government and business computer networks.
The Chinese Embassy in Washington didn't respond to a request for comment.
Microsoft is investigating the new Salt Typhoon intrusion along with other cybersecurity firms and what sensitive information may have been accessed. Microsoft helps companies respond to cyber intrusions using data from its vast, globe-spanning network of hardware and software and has assigned some China-linked campaigns the Typhoon moniker.
Salt Typhoon has been active since 2020 and is a nation-state hacking group based out of China, which focuses on espionage and data theft, particularly capturing network traffic, Microsoft said in a research note written in August." [1]
1. U.S. News: U.S. Wiretap Systems Targeted in Hack --- Cyberattack linked to China is viewed as a potentially catastrophic breach. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert. Wall Street Journal, Eastern edition; New York, N.Y. 05 Oct 2024: A.3.