
Chairman of the Senate Intelligence Committee, Sen. Mark R. Warner (D-Virginia), described the Chinese government's espionage campaign, which had infiltrated more than a dozen U.S. telecommunications companies, as the "worst telecom hack in our nation's history — by far," in an interview with The Washington Post this week.

Earlier this month, U.S. officials revealed that hackers linked to China had intercepted surveillance data meant for American law enforcement agencies after breaching an undisclosed number of telecom companies, The Post reported.

A group of hackers called Salt Typhoon gained the ability to listen in on live audio calls and, in some instances, shifted between telecom networks by exploiting "trust" connections.

Fewer than 150 victims, mostly in the D.C. area, have been identified. However, the records of people the hackers contacted through calls or texts number in the "millions," Warner said, adding that this figure could rise significantly. These records may help China identify additional targets for surveillance.

These details, some of them previously undisclosed, highlight the expanding scope of the cyberattack, which the U.S. government began to fully grasp in late September after being alerted by the industry, Warner explained.

The Salt Typhoon telecom hack makes Colonial Pipeline and SolarWinds, the major cyberattacks linked to Russian-speaking criminals and to the Russian government, "look like child's play," Warner said.

He added that the intruders are still active.

Government officials classified the Salt Typhoon hack as an espionage operation rather than a prelude to infrastructure sabotage.

Hackers gained access to the system that tracks U.S. law enforcement's criminal wiretap requests, allowing them to identify individuals of interest to authorities. However, U.S. officials stated there is no evidence that hackers compromised the actual wiretap system used to listen in on calls.

The calls the Chinese hackers intercepted were not part of the "lawful intercept" system, but they did access unencrypted communications, including text messages. Officials believe that end-to-end encrypted communications, such as those on the Signal platform, remain secure.

The breach extends beyond what the Biden administration has acknowledged, with hackers gaining access to telephone conversations and text messages, Warner said in a separate interview with The New York Times, Reuters reported.

Federal agencies, including the Federal Bureau of Investigation (FBI), are investigating the cyberattack.

On November 13, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement that said "specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders."

The hack reportedly affected major U.S. firms AT&T, Verizon and T-Mobile.

"This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data," Warner said.

Reports also indicate that Chinese hackers targeted the phones of then-presidential and vice-presidential candidates Donald Trump and JD Vance, as well as other senior political figures, including individuals from Vice President Kamala Harris's campaign and State Department officials. But the intrusion was not directly election-related, as the hackers accessed the telecom systems months earlier, with some breaches occurring over a year ago, Warner pointed out.

Beijing has, however, denied claims it employs hackers to infiltrate foreign computer systems.