The Chinese hacking campaign affected dozens of countries worldwide, an administration official said.
Chinese state-sponsored hackers have compromised at least eight U.S. telecommunication companies, a top White House official said on Dec. 4.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, provided an update on the Chinese threat actor group called “Salt Typhoon” during a press briefing on Dec. 4. The threat group is believed to have hacked into the communications of senior U.S. government officials and prominent political figures, she said.
“We don’t believe any classified communications has been compromised,” Neuberger said.
The Chinese hacking appeared to target a relatively small group of Americans, she said, with only their phone calls and texts compromised.
The telecoms that were breached have responded, but none of them “have fully removed the Chinese actors from these networks,” Neuberger said.
“So there is a risk of ongoing compromises to communications, [and] until U.S. companies address the cybersecurity gaps, the Chinese are likely to maintain their access,” she said.
In October, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the
Chinese hacks, saying at the time that an investigation was underway.
In late November, Neuberger and White House national security adviser Jake Sullivan
hosted telecom executives for a meeting to share intelligence and discuss how the U.S. government and the private sector could work together.
Neuberger said President Joe Biden has been briefed multiple times on the issue. The White House “has made it a priority for the federal government to do everything it can,” she said.
“So, to prevent ongoing Salt Typhoon type intrusions by China, we believe we need to apply a similar minimum cybersecurity practice,” she said.
Also at the Dec. 4 press briefing, a senior administration official said Salt Typhoon’s activities started at least a year or two ago. The official said a “couple dozen” countries have been impacted by the Chinese hacking.
The FBI and the CSIA
issued a joint statement on Nov. 13, revealing that Chinese hackers had compromised the networks of multiple telecom companies and stolen customer call records and private communications from “a limited number of individuals who are primarily involved in government or political activity.”
On Dec. 3, the FBI, the CISA, the National Security Agency, and international partners
published a guide on best practices for protecting communication infrastructures.
CISA Executive Assistant Director for Cybersecurity Jeff Greene
conceded on Dec. 3 that he didn’t have a timeline on when Chinese hackers could be purged from U.S. telecom networks.
“It would be impossible for us to predict when we'll have full eviction,” Greene said at the time.
In September, the Justice Department
announced that the FBI had taken down a botnet associated with “Flax Typhoon,” a threat group operating through the Beijing-based Integrity Technology Group. The botnet consisted of more than 200,000 consumer devices—such as network cameras, video recorders, and home and office routers—in the United States and elsewhere.
Another Chinese threat group, “Volt Typhoon,” began targeting a wide range of networks across
U.S. critical infrastructure in 2021. The group, which was
dismantled by a multiagency operation in January, had
maintained “access and footholds within some victim IT environments for at least five years,” according to CISA.
On Dec. 3, Rep. Laurel Lee (R-Fla.), a member of the House Committee on Homeland Security, said her legislation, officially known as the Strengthening Cyber Resilience Against State-Sponsored Threats Act, will combat the Chinese Communist Party’s growing threats against U.S. critical infrastructure.
“The Chinese Communist Party (CCP) will continue to exploit and undermine our national security every chance they get. We must stand up against foreign adversaries,” Lee
wrote on the social media platform X.
If enacted, the legislation (
H.R.9769) would create an interagency task force led by CISA and the FBI to deal with cybersecurity threats posed by China’s state-sponsored cyber-threat groups. It would also require the new task force to inform Congress of its findings every year for five years.
The Associated Press contributed to this report.