
The breaches, first reported by The Washington Post a year ago, have been described as among the most significant in modern history. (Wikimedia Commons)

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries.

The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, the Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping.

“The expectation of privacy here was violated, not just in the U.S., but globally,” FBI Assistant Director Brett Leatherman, who heads the bureau’s cyber division, told The Washington Post in an interview.

Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

Although technology and security companies call the same hacking group different names, the best known is Salt Typhoon, from Microsoft’s terminology. The joint advisory named three private companies that allegedly participated in the onslaught and said that they provided services to multiple units in the People’s Liberation Army and the Ministry of State Security.

Leatherman said that the campaign went beyond traditional spying because the companies were allowed to choose their own targets, resulting in an excessive number of victims in a wide range of industries, including lodging and transportation. The breaches, first reported by The Post a year ago, have been described as among the most significant in modern history.

“This shows much more broad, indiscriminate targeting of critical infrastructure across the globe in ways that go well outside the norms of cyberspace operations,” Leatherman said.

He and industry experts said that the telecommunications hacks were one aspect of a ramped-up offense from the Chinese government, fueled in part by active security industry participation. A different campaign has embedded destructive capability in utilities, including power and water companies.

Former security leaders and Democrats have sounded the alarm about the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency, which is responsible for helping civilian governments and businesses protect themselves. CISA helped with the advisory but declined an interview request.

U.S. security officials have given mixed signals this year over whether efforts to expel the hackers have succeeded. But Leatherman was clear that the threat is ongoing, saying that the hackers have hidden points of reentry in a variety of software and reported the configurations of devices so that they might be breached again.

“Just because it was secure six months ago does not mean it is now,” he said. The advisory provides an exhaustive list of compromised devices and techniques, along with tips about what to look for inside corporate networks and how to protect them against future attacks.
