Several major US telecoms firms hit by Chinese hackers, FBI says

A joint statement from the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) has claimed multiple major US telecom providers have been breached in what appears to be a coordinated attack by Chinese hackers.

The statement notes, “The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.”

Not much is known about the attack or which telecom providers have been affected, as the investigation is still ongoing. The Canadian government has also issued a warning about China’s widespread reconnaissance scans of Canadian domains, which are likely searching for vulnerabilities and gathering information.

Telecoms surveillance network breached

“After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims,” the joint statement continued, further stating that “any organization that believes it might be a victim to engage its local FBI field office or CISA.”

Earlier in October 2024, a cyber criminal group with links to the People’s Republic of China tracked as Salt Typhoon managed to break into broadband providers such as AT&T, Lumen Technologies, and Verizon. Along with access to the network traffic processed by these providers, the attackers also broke into a telecommunications system used by authorities to legally surveil criminals using wiretaps and other techniques.

As for Canada, the statement issued by its government states multiple reconnaissance scans by China “have occurred throughout 2024” with organizations targeted including “Government of Canada departments and agencies, and includes federal political parties, the House of Commons and Senate.”

“They also targeted dozens of organizations, including democratic institutions, critical infrastructure, the defence sector, media organizations, think tanks and NGOs,” the statement said.

The Canadian government says these scans are not indications of compromise, but are done to map and explore Canada’s domain infrastructure, search for vulnerabilities, and plan future attacks.

“It is the equivalent of someone walking around a building to see if there is an alarm or security camera, or trying the windows and doors to see which ones are unlocked. It is about gathering information in case they want to return to carry out a crime and figuring out the best way to do it,” the statement summarized.

The best way for organizations to protect themselves from reconnaissance mapping and future attacks is to ensure their devices run the latest operating systems and are protected against all known vulnerabilities. Organizations may also want to ensure they use multi-factor authentication and activity logging, and educate their employees on common attack vectors such as phishing.
