China’s Salt Typhoon Hacks AT&T and Verizon, Accessing Wiretap Data: Report

China’s Salt Typhoon hacked AT&T, Verizon, and Lumen, compromising wiretap systems used in criminal investigations. The breach, linked to China, poses national security concerns in the United States and affects sensitive telecom infrastructure.

A sophisticated hacking group known as Salt Typhoon believed to be linked to China, has breached the systems of major U.S. telecom companies AT&T, Verizon, and Lumen Technologies, potentially compromising sensitive government data.

This was reported by the Wall Street Journal raising significant national security concerns, as the attackers may have accessed systems used to handle court-authorized wiretapping—critical tools in tracking criminal and national security activities.

****What Happened?****

The group, described as an advanced persistent threat (APT) with ties to the Chinese state, infiltrated several large broadband providers. According to sources familiar with the breach, Salt Typhoon targeted these telecom networks to gain access to sensitive information, possibly including data about government wiretapping operations. This capability is key for law enforcement in monitoring suspects and building cases against criminal organizations.

The breaches reportedly include systems that work with government wiretap requests, and it is feared that hackers could have intercepted these communications, compromising ongoing criminal investigations. The WSJ also mentioned the possibility of the group accessing broader internet traffic, increasing the severity of the breach.

****Who Was Affected?****

AT&T, Verizon, and Lumen Technologies were named as the primary victims of the attack, but it’s suggested that the impact may not be limited to these companies alone. According to the report, some of the affected telecom companies are also involved in providing services to other firms, which might imply a more widespread exposure of data.

Moreover, the attackers might have gained access to systems used for domestic communications, though it remains unclear whether they also compromised systems handling foreign intelligence surveillance.

****National Security Concerns****

This incident is a matter of serious concern because wiretapping systems are part of the infrastructure used for investigating serious crimes and addressing national security threats. If a foreign state-linked group gains access to these systems, it puts sensitive information and ongoing investigations at risk. The cyber attack impacts much more than just private information—hackers could learn about investigation tactics, and targets, or even exploit data.

The Wall Street Journal report highlights how this is not the first time Chinese groups have been accused of targeting critical communication systems. The same hackers, known by other names such as FamousSparrow and GhostEmperor, have been previously linked to attacks on government institutions, law firms, and telecommunications networks globally.

Lumen Technologies, which has been actively tracking Chinese APTs like Volt Typhoon and Flax Typhoon, declined to provide specific comments on the incident, but industry watchers believe a detailed report may be forthcoming.

****What’s Being Done?****

Telecom companies and cybersecurity experts are on high alert. Microsoft and other firms are also investigating the incident to understand the depth of the breach and secure vulnerable systems.

It is worth noting that Microsoft has also been a victim of Chinese hackers in the past. In September 2023, the technology giant revealed that Chinese hackers had stolen its signing key to breach Outlook accounts. Weeks later, the company further acknowledged that the hackers had stolen 60,000 U.S. State Department emails from Microsoft.

Salt Typhoon’s actions show the ongoing risks to critical infrastructure in the United States and other countries, emphasizing the need for improved cybersecurity against sophisticated cyberattacks.

****Previous CyberSecurity Incidents at AT&T and Verizon****

This is not the first time that AT&T has been breached. In August 2021, the infamous ShinyHunters hacker group was selling an AT&T database with 70 million social security numbers (SSN). The telecom initially rubbished the group’s claims but confirmed in April 2024 that the data breach impacted over 73 million customers.

Verizon has faced several cybersecurity threats in the past, including a December 2012 incident in which 3 million customer records were leaked online. In March 2016, a hacker attempted to sell 1.5 million Verizon customer records on the dark web. In July 2017, an incident led to the exposure of personal details of 14 million customers.

****Next Steps for Users and Companies****

If you are a user of AT&T, Verizon, or Lumen services, experts recommend ensuring all accounts have strong passwords and considering two-factor authentication (2FA) where possible. Though this particular incident seems to focus on infrastructure-level breaches, end users must remain alert against potential scams or phishing attempts that often follow high-profile breaches.

For companies, it’s vital to review and update security protocols, especially those involved with sensitive government collaborations. This attack reveals how sophisticated threat actors can exploit even well-secured systems, emphasizing the need for ongoing monitoring, timely updates, and response plans to address vulnerabilities effectively.

The story of Salt Typhoon and its infiltration of telecom giants like AT&T and Verizon is far from over. As more details emerge, it will be critical for industry leaders and governments to fortify defences, share threat intelligence, and collaborate to counter such sophisticated cyberattacks.

1. CIA’s 11-year-old hacking campaign against China exposed
2. FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices
3. United Airlines Hacked by Chinese Group Behind The OPM Breach
4. Chinese SMS Phishing Group Hits iPhone Users in India Post Scam
5. China Hacked Federal Deposit Insurance Corporation with Malware
6. Five Eyes Accuses Chinese APT40 for Hacking Government Networks