Telecommunications providers are still trying to evict the Chinese government-linked hackers behind a monumental and sweeping breach that the government began investigating this spring, U.S. administration officials said Tuesday, while also providing guidance they believe can help kick the attackers off the network for good.

Government agencies are also still grappling with the attack’s full scope, the officials told reporters. The hackers, a group known as Salt Typhoon, targeted officials from both presidential campaigns, including the phone of President-elect Donald Trump.

“I think it would be impossible for us to predict a time frame on when we’ll have full eviction,” said Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. “Right now, the hardening guidance that we put out specifically would make the activities that we’ve seen across the victims much harder to continue. In some cases, it might result in limiting their access.”

What has made eviction harder to ensure is that there’s no single way the hackers infiltrated the telecommunications carriers, the officials said. Those that the government notified earliest are most aware of those specifics.

“Each victim is unique. These are not cookie-cutter compromises in terms of how deeply compromised the victim might be or what the actor has been able to do,” Greene said. “So it really is case-specific in terms of how to mitigate the specific activity.”

In response to the global hacking campaign tied to the People’s Republic of China, a host of agencies released communication infrastructure-focused guidance. The agencies responsible were CISA, the National Security Agency, the Federal Bureau of Investigation, the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Cyber Security Centre and New Zealand’s National Cyber Security Centre.

An FBI official said that media reports have been incorrect in stating that the system under which the telecommunications companies comply with government surveillance requests — the Communications Assistance to Law Enforcement Act (CALEA) — was the primary focus of the Salt Typhoon campaign. It was “only one of several targets for these actors’ collection once they got into the networks,” the official said.

“It’s really important to emphasize that our focus right now is to illuminate what the PRC did and where they had access so we can successfully remove them from across the sector,” the official said. “We continue to closely work with the companies to hunt for the activity.”

While the officials wouldn’t say how many victims they had notified or identified, “the facts and scope are expected to continuously evolve.”

The government still needs to work with the telecommunications providers on whether, in the long term, they will need to replace equipment, Greene said.

The post U.S. government says Salt Typhoon is still in telecom networks appeared first on CyberScoop.
