US officials propose countermeasures against Chinese hacker intrusions into telecommunications networks

On Tuesday, December 3, American officials said that the federal government has started investigating a significant cyber intrusion by the Chinese Communist Party (CCP) into global telecommunications systems this spring, warning that the intrusion is still ongoing and may be larger in scale than previously understood. A senior U.S. official suggested that strengthening encryption could be a way to counter this threat.

In October of this year, the U.S. government publicly attributed this hacking incident to a CCP-affiliated hacker group called Salt Typhoon. The operation targeted dozens of telecommunications companies in the U.S. and globally to acquire data on American political leaders and national security.

The timeline of the hacking operation and the extent of the intrusion had not been disclosed prior to this.

Earlier on Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, National Security Agency, and cooperating agencies from New Zealand, Australia, and Canada issued a joint alert warning that CCP hackers were targeting “major global telecommunications providers.” Officials declined to comment on specific details but acknowledged that “Chinese entities (CCP) are using servers in various countries to facilitate these activities.”

Jeff Greene, Acting Assistant Director for Cybersecurity at CISA, and a senior FBI official stated that although the joint investigation into Salt Typhoon’s activities started in early October, the operation was first discovered in “late spring and early summer.” Greene also warned that the intrusion is “ongoing,” and that much remains unknown to law enforcement agencies.

“We cannot say for certain that the adversary has been evicted,” Greene said. “We are tracking them… but we cannot confidently say we know everything, and our partners won’t either.”

Greene strongly urged Americans to “use encrypted communications where there is encrypted communication.” He stated that one should understand that “encryption is your friend” and recommended avoiding the use of plain text for data transmission.

“We absolutely need to do this, think about what this means in the long term, how we protect our networks,” he added.

It is believed that as many as 80 telecommunications companies and internet service providers, including AT&T, Verizon, and T-Mobile, were compromised in this hacking attack.

Encryption is a data obfuscation technology that helps protect communications from eavesdroppers. While this is not the first time a senior U.S. official has endorsed encryption, Greene’s message this time differs starkly from previous government messaging.

Several years ago, then-FBI director Chris Wray described strong encryption as “an urgent public safety issue,” with law enforcement officials at the time urging tech companies to weaken protections for digital communications.

Greene recommended switching to encrypted calling and messaging features, indicating the agency’s belief that CCP hackers may still be lurking in telecom networks.

Applications like WhatsApp from Meta Platforms and privacy-focused Signal offer these features.

When asked about the timeline for expelling hackers from U.S. telecom networks, Greene said, “We cannot predict when evicting outsiders will be complete.”

Officials from the FBI and CISA identified three groups of victims in the briefing. According to officials, the first group, an unspecified number of victims mainly in the “capital area” of the U.S., was affected by the theft of telecom company call records. A senior FBI official, who preferred to remain anonymous, stated that the second group consisted of a few individuals with political or government affiliations who have been notified that their private communications were leaked.

Furthermore, FBI officials said, CCP hackers accessed and copied U.S. court orders, which were obtained through the “Lawful Access to Communications” program. This program allows law enforcement and intelligence agencies to submit court orders to telecom providers for intelligence collection.

In recent weeks, large-scale CCP hacking activities have been a growing concern for members of the U.S. Congress, with Senate Intelligence Committee Chairman Mark Warner describing it as “the most serious breach we’ve ever had in our history.”