China-Connected Hackers Accessed Cellphone Data
China-linked hackers accessed the cellphone lines of politicians and senior national security officials (The Wall Street Journal, subscription).
What’s going on: This attack “allowed them to scoop up call logs, unencrypted texts and some audio from potentially thousands of Americans and others with whom they interacted. The emerging picture of the intrusion’s reach helps confirm the intelligence community’s concerns about the potentially dire national security consequences of the attack.”
- The hacking is part of a campaign, at least eight months long, that was uncovered by the Journal in September. That month, the U.S. disrupted more than 200,000 routers, cameras and other connected devices being used by another China-based hacking group.
- The group that targeted cell data, called Salt Typhoon by investigators, also seems to have infiltrated communications networks outside the U.S., “though it isn’t yet clear where or how extensively.”
- Though the bad actors seemed to have been able to access the data of huge numbers of cellphone users, they limited their targets to a few dozen high-profile people.
Why it’s important: “[A]s U.S. officials and security experts piece together what the hackers … were able to achieve, they have assembled clues that fuel concerns that China’s mastery of cyber-espionage is dangerously advanced.”
- At one carrier and government contractor this past summer, “hackers stole credentials to give themselves access to parts of the management layer of the company’s infrastructure [to help them] quietly collect information about how network routers were configured and perform other reconnaissance for more than a month before they were caught.”
- The cyber criminals have also tried to “reenter patched systems after being ejected from them by exploiting additional powerful vulnerabilities, some of which weren’t previously known to cybersecurity analysts.”
- U.S. investigators have learned the hackers were working for a Chinese agency, probably the Ministry of State Security, and have identified a specific contractor they believe is responsible.
What they stole: “The hackers were able to capture at least some voice audio from some compromised victims, including people affiliated with both Trump and Harris campaigns, investigators have learned. It is unclear whether they recorded actual calls, voice memos or something else.”