This text appeared in the ‘Top Story’ email newsletter sent on Dec. 14, 2024.
Experts are urging Congress to do more to stop Chinese state-backed hackers that have infiltrated vast swathes of U.S. telecommunications infrastructure. The Senate held a hearing this week in the wake of multiple classified briefings with intelligence leaders about the Salt Typhoon cyber espionage group, which has reportedly maintained access to infrastructure owned and operated by major providers including Verizon, AT&T, and CenturyLink for years.
“The United States, clearly, is still in a very deep cyber deterrence hole with respect to China, and the hole appears to only be getting deeper,” said James Mulvenon, chief intelligence officer at Pamir Consulting, during a Senate hearing on Dec. 11.
Salt Typhoon has engaged in a wide-ranging espionage campaign going back as far as 2022. The hackers have used persistent access to telecommunications infrastructure to collect metadata from a large number of customers, including the dates, times, and recipients of calls and texts made by an unknown number of Americans.
Though the total scale of metadata stolen is not yet known, the hackers also absconded with the actual audio files of calls and content from texts from a smaller group of users, including some at the highest echelons of government.
Mulvenon said that the United States should respond more strongly to the attack, and hold China’s reigning communist party to account for its actions.
“Cyber deterrence comes down to a response policy by Cyber Command and the other elements of the U.S. government in terms of imposing costs on the Chinese side such that it changes their calculus of the expected value of future attacks and intrusions,” Mulvenon said.
“It is clear from recent events that China, and frankly, for that measure, Moscow and Tehran, don’t feel like they’ve found America’s pain point yet when it comes to cyber in terms of an expected imposed cost or expected actions on the part of the U.S. government,” he added.
Future Vice President JD Vance acknowledged in October that he and President-Elect Donald Trump were among those targeted by Salt Typhoon for more severe data theft. The White House has said that Vice President Kamala Harris was also targeted.
Vance said that he believes use of an encryption application prevented the hackers from obtaining his texts and calls.
The FBI has contacted those whose calls and texts were targeted by the campaign, but officials have left the responsibility of notifying those whose metadata was compromised to the discretion of the telecommunications companies.
The apparent scope and severity of the Salt Typhoon attack raise questions about the security of the telecommunications infrastructure used by most Americans every day.
James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies think tank, told Congress this week that Washington must follow its warnings to Beijing with real action.
“You need to start by telling the Chinese: ‘This is unacceptable. You’ve gone too far, and if you don’t stop, we’re going to take action now,’” Lewis said.
“The next step is to actually do something.”
To that end, Lewis noted that Salt Typhoon is not an isolated incident but part of a “larger Chinese campaign to systematically exploit global telecommunications networks.”
Among the regime’s other ongoing cyber attacks on U.S. infrastructure are those perpetrated by Flax Typhoon and Volt Typhoon, which have targeted consumer devices and critical infrastructure, respectively.
Flax Typhoon was first revealed by the FBI in September, when the agency announced that it had disrupted a vast Chinese hacking operation that involved the installation of malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers.
The infected devices were then used to create a massive network of infected computers, or botnet, that could be used to carry out other cyber crimes, the FBI said.
Volt Typhoon is a similar group that successfully infiltrated thousands of U.S. systems including critical infrastructure related to U.S. water, gas, energy, rail, air, and ports.
All three cyber groups maintain at least some access to U.S. systems, and it is unclear when, if ever, they will be successfully evicted.
“We’re not on the winning side of the scoreboard here in the telecommunications and cyber espionage battle,” Lewis said.