White House links ninth telecom breach to Chinese hackers

A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.

The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies throughout Southeast Asia and has been active since at least 2019.

The White House’s deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters today that this new victim was discovered after the Biden administration released guidance to help defenders spot Chinese hackers’ activity in their networks.

“The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we still see companies not doing the basics,” Neuberger said, according to Bloomberg. “That’s why we’re looking forward and saying ‘Let’s lock down this infrastructure.’ And frankly, let’s hold the Chinese accountable for this.”

Neuberger first told reporters during an early December press briefing that the Chinese hacking group had breached eight U.S. telecoms and carriers in dozens of other countries.

The White House official added that “at this time, we don’t believe any classified communications have been compromised,” while a senior CISA official stated that they couldn’t “say with certainty that the adversary has been evicted.”

Since this wave of telecom breaches affecting dozens of countries has been disclosed, CISA has urged senior government officials to switch to end-to-end encrypted messaging apps like Signal to communication interception risks and released guidance to help telecom admins and engineers harden their systems against Salt Typhoon attacks.

Earlier this month, the New York Times reported that the Biden administration will ban China Telecom’s last active U.S. operations in response to Chinese state hackers breaching multiple U.S. telecom carriers. The U.S. government is also considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk.

In addition, U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecoms, and FCC Chairwoman Jessica Rosenworcel said the agency would act “urgently” to ensure that U.S. carriers are required to secure their infrastructure.