According to a recent report from The Wall Street Journal, a Chinese hacking group, identified as Salt Typhoon, allegedly hacked multiple U.S. broadband providers, including AT&T and Verizon. The breach, believed to have occurred several months ago, targeted sensitive network infrastructure used by the U.S. federal government for legal wiretapping operations.
The primary motive of the hacking attack appears to be intelligence collection.
The cyber attack reportedly targeted systems used for lawful U.S. surveillance operations, with hackers potentially gaining access to sensitive communication channels. The Wall Street Journal noted that these intrusions could have allowed Salt Typhoon to collect internet traffic data from various users, including individuals and businesses. The exact date of the breach remains unclear, but some sources suggest the group may have maintained access to these networks for several months or longer.
AT&T and Verizon have allegedly been hacked
U.S. government agencies and cybersecurity experts are actively investigating the breach to assess its impact on national security. The scale of the data exfiltration is still being evaluated. According to The Wall Street Journal, the investigation includes both public and private sector experts who are trying to determine the nature and extent of the data compromised in the attack.
Salt Typhoon, also known by other names like Earth Estries, Ghost Emperor, and FamousSparrow, has a history of targeting government entities and telecom providers, particularly in Southeast Asia. The group’s activities have now expanded to include U.S. companies like AT&T and Verizon, raising concerns about the security of communication networks used for official government operations.
Salt Typhoon has been active since at least 2019, according to Microsoft, which tracks the group’s movements closely. Other cybersecurity firms have identified similar patterns in attacks linked to the group. Previously, Salt Typhoon targeted institutions in countries like Brazil, Canada, France, and South Africa, using sophisticated tools and methods to exploit vulnerabilities in their networks.
Experts believe that Salt Typhoon gains initial access to target networks by exploiting known security flaws, such as the vulnerabilities found in Microsoft Exchange servers. In past operations, the group has used custom backdoors and hacking tools like SparrowDoor to maintain a foothold in compromised systems.
Cisco’s role in the AT&T and Verizon problem
As the investigation continues, attention has turned to the possible role of Cisco’s networking equipment in the breach. Investigators are exploring whether the hackers used vulnerabilities in Cisco routers to gain access to sensitive communication channels. A spokesperson for Cisco stated that while the company is examining the situation, there is currently no evidence linking its equipment to the attack.
The breach of AT&T and Verizon has far-reaching implications, as these companies handle vast amounts of data for both government and private-sector clients. The incident highlights the growing threat of cyber espionage by state-sponsored actors, particularly those targeting critical infrastructure in the United States.
