The Cybersecurity and Infrastructure Security Agency and the FBI on Tuesday urged U.S. telecommunications companies and their customers to take extra precautions.
Chinese hackers, blamed for compromising U.S. telecommunications infrastructure and spying on presidential campaigns and U.S. officials, remain entrenched in those systems, according to senior U.S. officials, who warn it could be years before the hackers are expelled.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI on Tuesday urged U.S. telecommunications companies and their customers to take extra precautions, saying the breach could be deeper than originally thought.
“We can't say with certainty that the adversary has been pushed out because we don't yet know the extent of what they're doing,” Jeff Greene, CISA's executive deputy director for cybersecurity, said during a briefing with reporters.
“We can't say with certainty that we know everything, nor would our partners know it,” Greene said. “We're still trying to understand.”
A senior FBI official who also spoke to reporters was similarly cautious.
“Understanding the scope of adversary activity through our investigations, in a situation of this magnitude, is measured in years,” the official said, speaking on condition of anonymity to discuss details of the breach investigation.
China-linked hackers have been evasive, adjusting their behavior as more information about their activities becomes public.
“As more comes to light, their TTPs (tactics, techniques and procedures) and their approach change,” the official warned. “They may remain inactive for a while to lower their profile.”
News of the breach emerged in October, when the China-linked cyber gang known as Salt Typhoon was linked to efforts to intercept communications for the presidential campaigns of U.S. President-elect Donald Trump and his Democratic rival, Vice President Kamala Harris.
Less than a month later, CISA and the FBI warned that Chinese efforts to spy on the Trump and Harris campaigns were just the beginning of “a broad and significant cyber espionage campaign” that penetrated several American telecommunications companies.
China has repeatedly denied the US accusations, accusing Washington of a smear campaign aimed at weakening Beijing.
“For quite some time, the US side has been patching together all kinds of disinformation about 'Chinese hacker' threats to serve its own geopolitical ends,” Liu Pengyu, a spokesperson for the Chinese embassy in Washington, told VOA in an email on Tuesday about the latest allegations.
“China firmly opposes and combats all kinds of cyber attacks,” Liu said. “The United States must stop its own cyber attacks against other countries and refrain from using cybersecurity to smear and slander China.”
But U.S. officials have repeatedly rejected Chinese denials, and now say the Chinese breach goes even further than initially thought, affecting telecommunications companies around the world, and appears to be part of a broader effort by the Chinese government to collect information on adversaries around the world.
“Certainly the way they did it was very, very specific,” the senior FBI official said, noting the focus on telecommunications infrastructure and Internet service providers. “But it fits into the category of cyber espionage to really inform the global objectives of the Chinese.”
Neither CISA nor the FBI would say how many telecommunications companies or how many countries have been affected.
But the agencies said Chinese efforts in the U.S. fall into three categories: individual communications, customer call records and requests by U.S. law enforcement pursuant to court orders.
The focus on individual communications appears to be on intercepting the audio of phone calls and the content of text messages from a select number of high-profile US government officials, such as individuals from the Trump and Harris campaigns.
The bulk collection of customer call logs appears to be more random.
“Basically, they stole data about where, when and who people were communicating with,” the senior FBI official said.
“We don't believe those were a specific target,” the official added. “Basically, we believe they were basically wiped out by the adversary.”
Officials said the third category of intercepted information, related to law enforcement requests and court orders, also appears to have been targeted somewhat by chance.
Forensic analysis in two of the cases in which Chinese hackers accessed law enforcement information “has indicated that the actors were elsewhere in their network performing reconnaissance tasks before moving to the (law enforcement portal) and surrounding devices,” the FBI official said.
However, it is unclear how far the Chinese hackers went.
Officials said the hacked portal includes some court orders related to foreign intelligence collected under the Foreign Intelligence Surveillance Act, but they declined to say whether China-linked hackers took any of that information.
“We are not prepared to answer that question today,” the senior FBI official said.
For now, the FBI and CISA are urging telecommunications companies to bolster their defenses, issuing an advisory to cyber agencies in Canada, Australia and New Zealand on steps they can take to reduce the threat.
They also urged companies who believe they may have been victims to come forward.
“The companies that have worked most closely with us are the ones that have made the most progress in kicking actors out of their networks,” the senior FBI official said.
The FBI and CISA are also urging consumers to be more vigilant about security, whether by keeping cell phones and other devices up to date with security updates or by using encrypted platforms for messaging and other communications.
“We're not seeing any novel technique,” said CISA's Greene, adding that China-linked hackers appear to have simply exploited known vulnerabilities in the telecommunications infrastructure environment.
“Encryption is your friend, whether it's text messaging or if you have the ability to use encrypted voice communications,” Greene said. “Even if the adversary is able to intercept the data, if it is encrypted, it will be impossible, if not downright difficult, for them to detect it.”