
CISA, FBI confirm China breached telecommunication providers

The government agencies confirmed Wall Street Journal reports that China-backed threat actors breached telecommunication providers and accessed data for law enforcement requests.

CISA and the FBI confirmed that Chinese nation-state actors have compromised telecommunications provider networks to spy on government and political leaders in what the agencies called a "broad and significant cyber espionage campaign."

The government agencies published a joint statement on Wednesday, which said the U.S. has been investigating the People's Republic of China targeting telecommunications networks. An ongoing investigation revealed that Chinese nation-state actors compromised those networks and stole sensitive communications, including data for law enforcement agency requests. This is the latest report of a China state-sponsored attack against U.S. critical infrastructure.

The FBI and CISA are engaged in technical assistance and are "rapidly" sharing information to help additional potential victim organizations. The joint statement did not say which telecommunications networks were compromised or how much information Chinese nation-state actors exfiltrated.

"Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders," the FBI and CISA wrote in the joint statement.

CISA and the FBI initially revealed they were investigating unauthorized access to telecommunications providers in an earlier joint statement last month. The government agencies attributed the breach to the People's Republic of China but provided limited information.

The joint statement confirms a Wall Street Journal (WSJ) report published last month that a Chinese nation-state group known as Salt Typhoon breached many high-profile telecommunications providers, including AT&T, Verizon and Lumen Technologies. WSJ reported that Salt Typhoon may have gained and maintained access to law enforcement request infrastructure that the telecoms used to comply with court orders for wiretapping and other surveillance.

The WSJ first reported in September that the U.S. government was investigating Salt Typhoon breaches of telecommunications and broadband providers.

Salt Typhoon is not the only Chinese advanced persistent threat (APT) group to target U.S. critical infrastructure organizations. Another APT group known as Volt Typhoon also successfully targeted and compromised telecommunication providers, as well as victim organizations in the water and energy sectors. Earlier this year, CISA Director Jen Easterly and FBI Director Christopher Wray confirmed that Volt Typhoon actors gained and maintained access to some victim organizations for at least five years by compromising U.S.-based SOHO routers.

Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
