Chinese hack of global telecom providers is ‘ongoing,’ officials warn

The hack was first announced publicly in October and has been attributed by U.S. agencies to a Chinese government-linked hacking group known as Salt Typhoon. The effort targeted dozens of telecom companies in the U.S. and globally to gain access to U.S. political leaders and national security data.

The timeline of the hacking effort, as well as the scope of the intrusion, was not previously disclosed.

Jeff Greene, executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency, and a senior FBI official said Tuesday that while agencies started cooperating on their investigations of Salt Typhoon’s activities in early October, the effort was first detected in “late spring and early summer.” He also warned that the breach is “ongoing” and that there was much law enforcement still did not know.

“We cannot say with certainty that the adversary has been evicted,” Greene said. “We’re on top of tracking them down … but we cannot with confidence say that we know everything, nor would our partners.”

Greene strongly urged Americans to “use your encrypted communications where you have it,” adding that “we definitely need to do that, kind of look at what it means long-term, how we secure our networks.” As many as 80 telecommunications companies and internet service providers, including AT&T, Verizon and T-Mobile, are believed to have been infiltrated in the hack.

Earlier on Tuesday, CISA, the FBI, the National Security Agency, and partner agencies in New Zealand, Australia and Canada released a joint alert warning that Chinese hackers were targeting “major global telecommunications providers.” Officials declined to comment on specifics, but acknowledged that “there were servers used in various countries to facilitate this activity by the Chinese.”

The United Kingdom did not sign on to the alert, making it the only nation in the Five Eyes intelligence-sharing group to be omitted. Greene attributed this to each country having “different considerations and timelines.” A spokesperson for the U.K.’s National Cyber Security Centre said Tuesday that the agency “support[s] our international partners issuing this advisory to help improve the collective resilience of telecommunications infrastructure,” and that the U.K. has a separate approach to mitigating cyber risks to its telecom providers.

The officials from the FBI and CISA noted in their briefing that there were three groups of victims in the hack. The first group was an undisclosed number of victims, mostly in the “Capital Region,” according to the officials, who were impacted by stolen call records from telecom companies. The second group — a small number of political or government-linked individuals, all of whom have been notified by officials — had their private communications compromised, according to a senior FBI official who spoke anonymously as a condition of briefing reporters.

While the officials did specify how many individuals were targeted, POLITICO previously reported that the phones of President-elect Donald Trump and Vice President-elect JD Vance were among those compromised, in both cases prior to the election.

In addition, the Chinese hackers also accessed and copied U.S. court orders, which the FBI official said were attained through the Communications Assistance for Law Enforcement statute program. This program allows law enforcement and intelligence agencies to submit court orders around intelligence collection from telecom providers.

When pressed on whether hackers were able to access court orders for intelligence collected under the Foreign Intelligence Surveillance Act — which allows U.S. intelligence agencies to collect data on foreign targets — the FBI official declined to answer directly but acknowledged that “the CALEA environment does include court orders” for FISA investigations.

The major hacking campaign has been an issue of increasing concern for U.S. lawmakers in recent weeks, with Senate Intelligence Committee Chair Mark Warner (D-Va.) describing it as the “most serious breach in our history.”

“Unless you are using a specialized app, any one of us and every one of us today is subject to the review by the Chinese Communist government of any cell phone conversation you have with anyone in America,” Sen. Mike Rounds (R-S.D.), ranking member of the Senate Armed Services Committee’s cyber subcommittee, said during a panel at last month’s Halifax International Security Forum.