A staff member of Huawei uses her mobile phone at the Huawei Digital Transformation Showcase in Shenzhen, China's Guangdong province on March 6, 2019. On Friday, a ninth U.S. telecom company was identified as part of a Chinese espionage effort. (Wang Zhao/AFP via Getty Images/TNS)
WASHINGTON (Tribune News Service) — A White House official said Friday the U.S. identified a ninth telecommunications company impacted by a wide-ranging Chinese espionage effort and that further steps are planned to curb cyberattacks from Beijing.
As the Biden administration learns about the scope and scale of the so-called Salt Typhoon breach that it attributed to China, officials are laying the blame on companies that were slow to identify the attack.
“The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we still see companies not doing the basics,” Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, told reporters Friday.
“That’s why we’re looking forward and saying ‘Let’s lock down this infrastructure,’” she added. “And frankly, let’s hold the Chinese accountable for this.”
The Commerce Department this month moved ahead with a ban of China Telecom and, according to Neuberger, similar actions will be released in the next month.
Salt Typhoon is the name given to the hacking group behind the attacks. Microsoft Corp. assigns cyberthreat actors different names, to better identify and reference incidents, with the moniker “typhoon” used for activity originating from or attributed to China.
Neuberger said one of the nine telecoms breached involved an administrator account that had access to over 100,000 routers.
“So when the Chinese compromised that account, they gained that kind of broad access across the network. That’s not meaningful cybersecurity to defend against the nation-state actors,” Neuberger added.
The U.S. still doesn’t have an exact assessment of how many Americans were targeted, Neuberger said. A large number of individuals were affected by geolocating around the Washington, D.C., and Virginia area — but fewer than 100 individuals’ phone calls and texts were hacked, she said.
The Federal Communications Commission is voting on a rule in mid-January that would help protect America’s critical infrastructure, Neuberger said. She said the General Services Administration is reviewing government contracts to require better cybersecurity practices.
Neuberger also cited an alarming increase in the number of health-related hacks that exposed Americans’ health care information and left them vulnerable to blackmail and said that the Department of Health and Human Services will propose new rules to protect medical data.
©2024 Bloomberg L.P.
Visit bloomberg.com.
Distributed by Tribune Content Agency, LLC.
