The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint statement warning that the People’s Republic of China (PRC) is conducting continued cyberattacks on U.S. telecommunications companies.
Both agencies say PRC actors compromised networks at multiple telecommunications companies with the aim of stealing customer call records data, compromising private communications of a limited number of individuals who are primarily involved in government or political activity, and copying certain information that was the focus of ongoing U.S. government legal cases.
This admonition by the federal government followed reports by CNN in early October that China-linked threat operation Salt Typhoon targeted major U.S. telecommunications providers AT&T, Lumen Technologies, and Verizon in attacks that reportedly involved the compromise of wiretap warrant requests in an effort to obtain intelligence.
Morgan Wright, chief security advisor at SentinelOne, said that China continues to attack telecommunications not only in the U.S., but around the world — from network compromises to undersea cable attacks. Wright said that Americans must understand that the Chinese are preparing for war, a topic he’s written about numerous times.
“The recent joint FBI/CISA warning serves as a stark reminder that China doesn’t care who occupies 1600 Pennsylvania Ave.,” said Wright, an SC Media columnist. “The joint statement underscores our need to address the threat from China now — not later — and not wait for another task force. If there’s one area that should be entirely bipartisan during the transition of administrations, it’s China. We ignore them at our peril.”
John Bambenek, president at Bambenek Consulting, said this recent announcement doesn’t really say much more than the announcement the agencies made on Oct. 25 on the same investigation. It’s a reminder that the PRC specifically, and intelligence agencies generally, are willing to target providers so they cast a large net to get to the victims they really want.
“Not just telcos have to worry about such targeting; PaaS/SaaS and MSSPs, at least those that service government or other organizations interesting to spy agencies, need to be concerned as well,” said Bambenek. “Such organizations should develop a relationship with CISA so that they can receive more targeted information about how to find these threats in their environments.”
NSA cybersecurity expert Evan Dornbush added that Chinese threat actors breaking into U.S. organizations is not a new phenomenon, so the November 2024 timing of the discovery and how it relates to the U.S. presidential cycle isn’t particularly interesting.
“High-profile aggression has been occurring for over 20 years now. The question is what we do about it,” Dornbush queried. “On the defensive side we can let it continue to happen, or we can work to make the cost of this aggression so high that it stops. However, China is not the only nation with a military, an intelligence community, and a talent-rich population. Many governments see a strategic advantage to a strong offensive cyber capability.”
Augusto Barros, vice president of product marketing at Securonix, said the joint statement from the FBI and CISA brings serious allegations about PRC-affiliated actors compromising telecommunications providers. Although the scope of those actions seems to be of immediate concern only to a limited number of individuals who are primarily involved in government or political activities, Barros said this case highlights the importance of considering the possibility that telecommunications assets are compromised.
“Organizations should ensure their network traffic is always encrypted, preferably in an end-to-end manner,” said Barros. “Additionally, targeted organizations should avoid adopting SMS-based multi-factor authentication systems for critical environments, as actions against mobile network providers can allow threat actors to perform attacks, such as SIM swapping, to compromise the MFA control.”