Chinese attackers get access to AT&T, Verizon broadband used for court-approved wiretaps

According to a report in today's Wall Street Journal, a cyberattack with ties to the Chinese government was able to infiltrate the networks used by some U.S. wireless providers. These are the same wireless firms used by the U.S. government to handle court-approved wiretapping requests. People familiar with the matter referred to this as a national security risk and added that the hacking also allowed the attackers to have access to other, more generic internet traffic.

AT&T, Lumen Technologies, and Verizon were three of the companies whose networks were attacked by a "sophisticated" Chinese hacking group called Salt Typhoon which is focused on the gathering of intelligence information. Spokesmen for all three firms declined to comment about the Salt Typhoon hacking.

The surveillance system under attack is used for domestic wiretaps in criminal and national security investigations. Federal law requires telecommunications and broadband companies to allow the feds to intercept communications if so ordered to via a legitimate court order. The attack was discovered over the last few weeks and is being investigated by the U.S. government and private security firms.

The report says that the attackers were able to collect internet traffic from internet service providers in the U.S. that serve companies both large and small, and millions of Americans. Some of the hackers also targeted a small number of foreign internet service providers. The U.S. government feels that the attacks are "historically significant and worrisome" according to a person who is knowledgeable about the attack. 

Attempts by China to infiltrate U.S. infrastructure such as airports, power stations, and water treatment plants could be part of a plan by China to launch cyberattacks against the U.S. The cyberattack on AT&T, Lumen, and Verizon gives U.S. investigators another puzzle piece to go through. Investigators are also concerned that the Chinese attackers might have been able to access Cisco's routers that direct most of the traffic on the internet. A Cisco spokesmen say that the company is looking into the matter.

Microsoft is also looking into the Salt Typhoon attack to try and discover if any sensitive information was accessed by the Chinese attackers. Back in August, Microsoft wrote a research note that said Salt Typhoon, based out of China, has been active since 2020 and focuses on espionage and data theft while capturing network traffic.

That these attacks are real and worrisome were confirmed last month by U.S. officials who said that they took down a network consisting of over 200,000 routers, cameras, and other consumer-oriented devices that were used by a Chinese hacking group in an attempt to break into U.S. networks.