Both AT&T and Verizon confirm that they were targeted by Chinese government hackers, who gained access to US officials’ calling and location data.
In early October, it became known that hackers with ties to the Chinese government had carried out a cyberattack on American telecom players. There was talk of months of access to the network for legitimate requests for access to communication data. In addition to AT&T and Verizon, Lumen was explicitly named as a victim of the Salt Typhoon hacker group. Nine telecom players are said to be involved in the hack.
Over the weekend, AT&T and Verizon first confirmed to Reuters that they were under fire in the attack. Verizon is working with the US government to take necessary security measures and protect customer data.
AT&T says that it no longer sees any activity from Salt Typhoon on its network today, based on its own research. It does acknowledge that the Chinese hackers targeted a small number of individuals. The company explicitly speaks of a hack by the People’s Republic of China.
Through its hack, Salt Typhoon managed to locate millions of users and record conversations. Since then, politicians and high-ranking government officials have been told to only communicate via end-to-end encrypted apps.
Although China had access to nearly all of its customers’ data, AT&T says the attack targeted a few specific high-level individuals. Some politicians have already described the hack as the largest telecom hack in US history.
The latter is only selectively true. This is true purely for classic telecom networks. However, the most significant communication hack in the US was the Prism scandal, revealed in 2013 by whistleblower Edward Snowden. At the time, he admitted that the American NSA was abusing various tech companies to spy on millions of citizens and non-Americans on a large scale. The scandal caused many tech companies to accelerate their efforts towards end-to-end encryption.
However, because the spying was done legally, albeit without the citizens’ knowledge, it was technically not a hack but a security operation.