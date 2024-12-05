



The scale of the Chinese government's hacking campaign was further highlighted Wednesday, as senior White House officials revealed that eight U.S. telecommunications giants had been hacked and companies in several other countries had also been hacked.

These breaches are part of the Salt Typhoon campaign, which first came to light after malicious actors intercepted correspondence from senior officials from both presidential campaigns, including President-elect Donald Trump and his running mate JD Vance.

Anne Neuberger, U.S. deputy national security adviser for cybersecurity and emerging technologies, reiterated to reporters Wednesday that Chinese actors were still inside the hacked systems.

Neuberger said President Joe Biden was briefed on the incident multiple times and the White House created a unified coordination group that met daily to discuss the matter.

The campaign has likely been going on for one to two years and has compromised telecommunications in the Indo-Pacific region, Europe and elsewhere.

We believe a few dozen countries were affected, she said. We believe this is a Chinese espionage program focused, again, on key government officials and the intellectual property of key companies, which will help determine which telecommunications companies have been targeted frequently and how many were also compromised.

Neuberger added that Chinese access was broad in terms of potential access to the communications of ordinary Americans, but she said the hackers were only targeting high-profile figures.

As you know, the communications of U.S. government officials rely on these private sector systems, which is why the Chinese have been able to access the communications of some senior U.S. government officials and politicians. At this time, we do not believe any classified communications have been compromised, she said.

As the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said Tuesday, companies have not been able to completely eliminate hackers from their systems. So, Neuberger said, there is a risk of continued communications compromise until U.S. companies close the cybersecurity gaps. .

The agencies have issued guidance to help engineers and grid advocates identify and remove Salt Typhoon actors. They told reporters that a complicating factor is that the hackers likely entered the companies through different vectors and also had broad goals and targets.

Read more: Cyber ​​incident forecasts Salt Typhoon review to begin in days, CISA leader says

National Security Council officials did not respond to several questions about how top officials communicate with each other securely if Chinese actors are still in each network, or whether telecom companies will inform all Americans whose data may have been intercepted in the incident. .

But Neuberger said the agency believes a large amount of U.S. metadata was harvested as part of a campaign to identify specific individuals of real interest to the Chinese government, in order to gain particular access to individual calls. , to listen to these calls, etc.

She urged affected telecom giants, including Verizon, AT&T, T-Mobile, Lumen and others, to work together and share information they might see in systems in the United States and abroad .

In a recent meeting with the leaders of these companies, senior US officials stressed that each of them must take a series of measures to further harden their systems against compromise and make real changes to the architecture of the networks telecommunications to be able to anticipate the unexpected and reduce the blast radius of events, Neuberger said.

She noted that several government departments, including the Commerce Department, are coordinating to help telecommunications companies respond to the incident.

Neuberger then compared the incident to the ransomware attack on Colonial Pipeline and said it should spur similar regulatory pressure for minimum cybersecurity standards that telecommunications companies must meet.

To prevent continued intrusions, we must require similar minimum cybersecurity practices in telecommunications. That's what other countries, from Australia to the United Kingdom, are doing, requiring cybersecurity practices for the most critical businesses to defend against Chinese and other sophisticated cyber programs, she said. declared.

We believe that if companies had minimal practices in place, secure configurations, up-to-date patches, an architecture to monitor abnormal behavior that would have detected this earlier, management of administrator accounts with multi-factor authentication that would make the task much riskier and more difficult. and it is more expensive for the Chinese to access and maintain it.

The international community must also come together to have open and honest discussions about the PRC. [Peoples Republic of China] destabilizing behavior in cyberspace and steps the global community can take to strengthen its defenses and ultimately influence the PRC to end its destabilizing behavior.

No liability

Also Wednesday, a number of agencies briefed senators on the incident. Director of National Intelligence Avril Haines spoke alongside the FBI, Federal Communications Commission, NSC and Cybersecurity and Infrastructure Security Agency, after which several senators criticized the Biden administration for failing to enough responses to incidents.

There is no liability. We haven't heard of a plan on how they're going to fix the problem. This is unacceptable, said Sen. Rick Scott (R-FL).

Sen. Ron Wyden (D-OR) told reporters he is currently working on legislation to respond to the Salt Typhoon campaign, but declined to explain the content of the bill or how it would address cybersecurity companies. telecommunications.

Wyden and another senator sent a letter Wednesday asking the Defense Department's top watchdog to review how the agency is strengthening its anti-espionage communications in light of the Salt Typhoon violations.

Rep. Mike Rounds (R-S.D.), who is expected to lead the Senate Armed Services Committee's cybersecurity subpanel in the next Congress, said one of the challenges is that the nation's telecommunications systems have been designed to be effective.

They were not necessarily built to provide security, he said, adding that it will take months for the government to provide guidance on what changes need to be made.

He supported calls for cybersecurity standards governing the telecommunications sector, but said senators were still working on how best to implement them feasibly.

The challenge is how can we influence this with private telecommunications companies and how quickly can they put these security measures in place? he said. We're not talking about a short period of time because of the amount of work it will take to get things done and make an impact. It's not like I got a new phone. It is a structure on which these cell phone systems were built.

As he left the briefing room, Senate Intelligence Committee Chairman Mark Warner (D-VA), a former telecommunications official, told reporters that the incident was by far the worst telecommunications hack.

