US says Chinese hackers breached multiple telecom providers

Hacked telecom provider

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.

The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.

"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," reads the announcement.

"After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims."

As the investigation is currently underway, not much information has been shared with the public.

Organizations that believe they might have been compromised by Chinese hackers are urged to contact their local FBI office or CISA and report it immediately.

"Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector," concludes the announcement.

At the start of the month, it was revealed that a Chinese hacking group tracked as Salt Typhoon had breached multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies.

The operation's goal appeared to be espionage, and the hackers gained access to a communications interception system major telecoms maintain to accommodate lawful crime investigation requests by the authorities.

The FBI told BleepingComputer that they had nothing further to share beyond the joint advisory when asked if the announcement was related to the previously disclosed breaches.

BleepingComputer also contacted CISA but has not received a response at this time.

Canada targeted too

While it is expected that the United States will be targeted by elevated cyberespionage activity given the upcoming presidential elections and the culmination of influence operations, it's noteworthy that similar operations also target Canada.

The government announced on Friday that state-sponsored threat actors from China have been performing broad network scans over the past couple of months, targeting a wide spectrum of organizations.

"The majority of affected organizations targeted were Government of Canada departments and agencies, and includes federal political parties, the House of Commons and Senate. They also targeted dozens of organizations, including democratic institutions, critical infrastructure, the defence sector, media organizations, think tanks and NGOs." – Government of Canada

Canada noted, however, that these scans are limited to reconnaissance and do not constitute security breaches on the mentioned entities.

Still, its statement aims to remind important organizations in the country to implement strict security measures, including multi-factor authentication protection, logging, traffic monitoring, and anti-phishing training.