FBI, CISA say Chinese hackers are still lurking in US telecom systems

Leading U.S. cybersecurity agencies on Tuesday said that Chinese hackers likely still have access to critical telecommunications systems, and published guidance to help engineers and network defenders identify and remove the threat actors.

In a call with reporters, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said the agencies have been investigating the incident since late spring, and have uncovered an expansive campaign that some lawmakers are calling the worst telecom hack in the nation’s history. The group behind the incident, Salt Typhoon, deeply penetrated multiple telecom companies and stole vast amounts of data on where, when and who individuals were communicating with. 

In some cases, the hackers were able to intercept audio and text. The group targeted officials from both presidential campaigns, including President-elect Donald Trump and his running mate JD Vance.

But the officials admitted that there are still many unanswered questions, including the extent of the breach itself.

“We cannot say with certainty that the adversary has been evicted, because we’re still understanding the scope,” one senior official said, adding that it would be impossible to predict when the hackers would be fully removed from the systems.

The agencies have been working with “scores” of telecom companies in recent months to investigate the breach and help kick out the intruders. Earlier on Tuesday, CISA and the FBI, as well as the National Security Agency (NSA) and its counterparts in Australia, Canada and New Zealand issued “visibility and hardening guidance” tailored to the telecommunication industry and other critical infrastructure sectors.

One complicating factor is that the hackers likely breached companies through different vectors, and also had broad aims and targets. Earlier media reports incorrectly stated that the hackers were focused on the law enforcement wiretap system — the the Communications Assistance to Law Enforcement Act (CALEA) — the officials said, adding that it was “one of several targets.”

The officials said they believed a huge amount of metadata on phone calls and texts were “essentially swept up by the adversary,” which also obtained call and text content from a select group of targeted individuals who were mostly associated with the U.S. government.

The officials did not answer questions about the number of Americans impacted, or broader changes that might need to be made to harden U.S. telecom infrastructure.

“We need to do some hard thinking long-term on what this means and how we're going to secure our networks,” one official said.