Chinese state-sponsored hackers compromised at least eight U.S. telecommunication companies, a top White House official said on Dec. 4.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, provided an update on the Chinese threat actor group called “Salt Typhoon” during a press briefing on Wednesday. The threat group is believed to have hacked into the communications of senior U.S. government officials and prominent political figures, she said.
“We don’t believe any classified communications has been compromised,” Neuberger said.
The Chinese hacking appeared to target a relatively small group of Americans, she added, with only their phone calls and texts compromised.
The telecommunications companies that were breached have responded, but none of them “have fully removed the Chinese actors from these networks,” according to Neuberger.
“So there is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps the Chinese are likely to maintain their access,” Neuberger said.
In October, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the Chinese hacks, saying at the time that an investigation was underway.
In late November, Neuberger and White House national security adviser Jake Sullivan hosted telecommunications executives for a meeting to share intelligence and discuss how the U.S. government and the private sector could work together.
Neuberger said President Joe Biden has been briefed multiple times on the issue. The White House “has made it a priority for the federal government to do everything it can,” she added.
Additionally, Neuberger pointed to efforts to improve cybersecurity in multiple sectors including rail and energy, after the 2021 ransomware attack on Colonial Pipeline.
“So, to prevent ongoing Salt Typhoon type intrusions by China, we believe we need to apply a similar minimum cybersecurity practice,” Neuberger said.
Also at Wednesday’s press briefing, a senior administration official said Salt Typhoon’s activities started at least a year or two ago. Additionally, the official said a “couple dozen” countries have been impacted by the Chinese hacking.
The FBI and the CSIA issued a joint statement on Nov. 13, revealing that Chinese hackers had compromised the networks of multiple telecom companies and stole customer call records and private communications from “a limited number of individuals who are primarily involved in government or political activity.”
On Tuesday, the FBI, the CISA, the National Security Agency (NSA), and international partners published a guide on best practices for protecting communication infrastructures.
CISA Executive Assistant Director for Cybersecurity Jeff Greene conceded on Tuesday that he didn’t have a timeline on when Chinese hackers could be purged from U.S. telecom networks.
“It would be impossible for us to predict when we'll have full eviction,” Greene said at the time.
In September, the Justice Department announced that the FBI had taken down a botnet associated with “Flax Typhoon,” a threat group operating through the Beijing-based Integrity Technology Group. The botnet consisted of more than 200,000 consumer devices—such as network cameras, video recorders, and home and office routers—in the United States and elsewhere.
Another Chinese threat group, “Volt Typhoon,” began targeting a wide range of networks across U.S. critical infrastructure in 2021. The group, which was dismantled by a multi-agency operation in January, had maintained “access and footholds within some victim IT environments for at least five years,” according to CISA.
On Dec. 3, Rep. Laurel Lee (R-Fla.), a member of the House Committee on Homeland Security, said her legislation, officially known as the Strengthening Cyber Resilience Against State-Sponsored Threats Act, will combat the Chinese Communist Party’s growing threats against U.S. critical infrastructure.
“The Chinese Communist Party (CCP) will continue to exploit and undermine our national security every chance they get. We must stand up against foreign adversaries,” Lee wrote on the social media platform X.
If enacted, the legislation (H.R.9769) would create an interagency task force led by CISA and the FBI to deal with cybersecurity threats posed by China’s state-sponsored cyber threat groups. It would also require the new task force to inform Congress of its findings every year for five years.