U.S. officials said Tuesday they had not been able to expel Chinese government hackers from telecommunications companies and internet service providers, warning concerned users to turn to encrypted messages and voice calls and giving no timeline for securing carriers.
The downbeat press briefing came more than three months after the first report of Chinese spies deeply penetrating major carriers for espionage, and after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) met with scores of companies to help them shore up defenses and hunt for hackers in their networks.
“Given where we are in discovering the activity, I think it would be impossible for us to predict a time frame on when we’ll have full eviction” of hackers from the networks, said Jeff Greene, executive assistant director for cybersecurity at CISA.
Those agencies, along with government bodies in Canada, Australia and New Zealand, also released detailed recommendations Tuesday for securing internal equipment and increasing logging to monitor for unauthorized changes.
Senior officials from the two U.S. agencies, speaking on the condition of anonymity under the ground rules of the briefing, provided the most detail to date on what the hackers have been able to accomplish in one of the most far-reaching attacks yet detected.
They said the investigation into a hacking team known as “Salt Typhoon” began in the spring but has not revealed every aspect and might take years to complete.
One of the officials called the hacking campaign “broad and significant” and said it resulted in the theft of a “large amount” of sensitive data.
The hackers were able to penetrate some of the carriers’ portals that law enforcement uses to submit court orders for monitoring specific telephone numbers, the officials said. They acknowledged that intelligence officials use the same portals for some foreign surveillance. That access would give the intruders some idea about what other Chinese operatives and projects were being scrutinized, a standard counterintelligence objective.
The hackers eavesdropped on an unspecified number of government and political targets who have been notified by authorities, a senior FBI official said. The Washington Post previously reported attempts to monitor people in both presidential campaigns.
Officials confirmed that at least one individual affiliated with Donald Trump’s campaign had calls intercepted.
In addition, the Chinese hackers had broad access to calling records showing which numbers communicated, but not the content of those calls and texts. Most of the data concerned accounts “based in the national capital region,” around Washington, the FBI official said.
The officials said that the level of penetration varied among the victim companies and that the espionage campaign spanned the globe. They did not name the companies, which have been reported as including AT&T, Verizon and T-Mobile, and suggested that they had cleared some but not all of the targeted networks.
“The actors stole a large volume of records, including data on where, when, and with whom individuals were communicating,” one of the officials said.
“We cannot say with certainty that the adversary has been evicted because we still don’t know the scope of what they’re doing,” said a second official. “It is not the case that we’ve been moving slowly or we’re sitting on this.”
Much of the guidance for “hardening” defenses would apply to all companies and a wide array of equipment. But one section was devoted specifically to strengthening networking gear from Cisco Systems, identified by people familiar with the investigation as one of the ways hackers got in.
The Chinese Embassy in Washington did not immediately respond to requests for comment on the latest revelations.
Beijing has previously denied allegations of conducting large-scale hacking operations, often accusing U.S. authorities of fabricating claims about state-sponsored cyberattacks.
While the officials acknowledged that the targeting of telecommunications companies marked a new operation, they characterized it as consistent with a long-standing pattern of Chinese espionage.
“The Chinese have used any vector possible to inform their overall intelligence base, to guide policy decisions,” an official said. In recent years, China has significantly expanded its cyber capabilities through a national strategy that enlists citizen hackers for state-sponsored cyber operations.
Policies now require private-sector cyber experts in China to report vulnerabilities directly to their government. Additionally, Beijing has ramped up elite hacking competitions, often overseen by state intelligence agencies and law enforcement, further integrating private expertise into its cyber apparatus.