Salt Typhoon branded 'Worst telecom hack' in US history

Vulnerability blamed on legacy infrastructure – and China

Chinese hackers are actively listening in on calls and intercepting communications in real time, says a US senator.

Democrat Mark Warner of Virginia, chairman of the Senate Intelligence Committee, shared new details about the breach in an interview with The Washington Post.

Warner revealed that the China-backed hackers have not only accessed sensitive customer data from major US telecom providers but are also actively listening in on calls and intercepting unencrypted communications in real time.

They have exploited trust relationships between telecom networks to move seamlessly across systems. They have even gained access to the system that logs US law enforcement requests for wiretaps, potentially compromising ongoing investigations.

Warner said the hack makes Colonial Pipeline and SolarWinds "look like child's play," comparing it to two of the most notable US cyber incidents in recent history.

What is Salt Typhoon?

The details of the telecom breach first emerged last month, when the Wall Street Journal reported that a Chinese hacking group had compromised networks operated by Verizon, AT&T and Lumen Technologies.

Microsoft refers to this group as Salt Typhoon, while other companies track it under different names, including FamousSparrow (ESET), Earth Estries (Trend Micro), UNC2286 (Mandiant) and Ghost Emperor (Kaspersky).

The group has been active since at least 2019 and is believed to be backed by the Chinese government.

Salt Typhoon has a history of targeting government organisations, telecommunications firms and other critical infrastructure. Hackers typically gain initial access to their targets by exploiting security vulnerabilities like the ProxyLogon bugs in Microsoft Exchange Server (CVE-2021-26857, CVE-2021-26855, CVE-2021-27065 and CVE-2021-26858).

The group's infiltration of US telecom companies allegedly began over a year ago, giving hackers extended access to sensitive networks.

Removing them will be an arduous process, requiring the replacement of thousands of outdated routers, switches, and other hardware across the country.

Legacy tech makes US "particularly vulnerable"

While fewer than 150 direct victims have been notified, Warner said that the scope of the breach is much larger, since the call and message records connected to those individuals number in the millions.

"That number could go up dramatically," he warned, noting that this data could help China identify further high-value targets.

Among the known targets are the phones of Donald Trump, his running mate Sen. J.D. Vance (R-Ohio), Vice President Kamala Harris's campaign staff, and State Department officials.

Lawmakers argue that the lack of oversight and outdated infrastructure have made the US vulnerable to such attacks.

Warner described the US telecom system as a "hodgepodge of old networks," making it particularly vulnerable compared to centralised European systems.

With Salt Typhoon still entrenched in telecom networks, federal agencies, including the FBI and Cybersecurity and Infrastructure Security Agency (CISA), are racing to contain the damage.

Warner stressed that without immediate action to secure US telecom infrastructure, the nation will remain vulnerable to further attacks.

"This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data," Warner said.

The breach, he warned, is only the beginning of a larger battle to safeguard critical infrastructure in an era of increasingly sophisticated cyber threats.