FBI warns Chinese hackers are targeting telcos in major espionage campaign

Ben Wodecki
November 14, 2024 10:17 AM

US security agencies claim Chinese-affiliated hackers are conducting a “broad and significant cyber espionage campaign” against US telco operators.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) revealed as part of an ongoing investigation that Chinese-linked actors are deliberately targeting commercial telecom infrastructure.

The security agencies suggested that hackers have compromised multiple operator networks to steal customer call records data and private communications from individuals “primarily involved in government or political activity.”

The investigation opened in late October after the FBI identified malicious activities targeting telecom operators by threat actors “affiliated with the People’s Republic of China.”

That initial breach led to a wider investigation, during which the agencies said they uncovered a cyber espionage campaign in which hackers are directly targeting operators.

In addition to customer call data, the hackers were also able to copy information requested by US law enforcement agencies as a result of court orders.

“We expect our understanding of these compromises to grow as the investigation continues,” the agencies said in an update.

The security agencies said they were providing technical assistance to operators, sharing information to assist victims and working to help strengthen cyber defences across the sector.

“We encourage any organisation that believes it might be a victim to engage its local FBI Field Office or CISA,” the security agencies said.

Reports by The New York Times suggested that Chinese hackers were targeting phones used by President-elect Donald Trump and Vice President-elect JD Vance, with Vice President Kamala Harris also targeted.

The threats posed by Chinese actors add to the growing threat from Iranian cyber actors targeting critical infrastructure sectors. The FBI and CISA warned in mid-October that hackers were attempting to exploit multi-factor authentication (MFA) vulnerabilities to gain access to infrastructure organisations.

