FBI warns users to use 'encrypted apps' to combat massive Chinese hacking



As China's massive hacking of major US telecommunications companies continues, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly called on telecommunications companies and the general public to strengthen their security.

Guidance Urges Visibility and Device Hardening against PRC-Affiliated Threat Actor | National Security Agency/Central Security Service
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3982793/guidance-urges-visibility-and-device-hardening-against-prc-affiliated-threat-ac/

Enhanced Visibility and Hardening Guidance for Communications Infrastructure | CISA
https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure

US officials urge Americans to use encrypted apps amid cyberattack
https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

US shares tips to block hackers behind recent telecom breaches
https://www.bleepingcomputer.com/news/security/us-shares-tips-to-block-hackers-behind-recent-telecom-breaches/

US cybersecurity authorities have taken the step of calling for widespread vigilance among telecommunications companies and the public because of a strong sense of crisis over the large-scale attacks on US telecommunications networks by Salt Typhoon, a Chinese government-affiliated hacker group.

In September 2024, The Wall Street Journal reported that authorities were investigating the possibility that Salt Typhoon had been intruding into the networks of several Internet service providers (ISPs) for a long period of time. It was subsequently discovered that a number of providers, including major telecommunications companies such as Verizon Communications, AT&T, and Lumen Technologies, had been breached by Salt Typhoon.

Salt Typhoon is reportedly believed to have compromised the private communications of government officials, infiltrated the networks that authorities use to intercept communications during investigations (known as 'lawful wiretapping'), and stolen classified information collected by law enforcement agencies.

The full extent of the breach is still unclear, but it is believed to have involved the theft of massive amounts of traffic from numerous businesses and ISPs serving millions of US citizens over a period of at least several months.

In response to this situation, on December 4, 2024, the US FBI, CISA, National Security Agency (NSA), and cybersecurity authorities from Australia, Canada, and New Zealand issued a joint statement warning that 'Chinese threat actors are compromising the networks of international telecommunications providers to carry out large-scale and widespread cyber espionage operations,' and called on telecommunications companies to strengthen their security.



In addition, Jeff Greene, executive assistant director for cybersecurity at CISA, and a senior FBI official who declined to be named told NBC News that they encourage Americans to use encrypted messaging apps.

'Whether it's a text message or a voice call, encryption is your friend,' Greene said. 'Even if an adversary is able to intercept your message, they can't access it if it's encrypted.'

According to FBI officials, the Chinese hackers accessed three main categories of data.

The first is so-called metadata about who contacted whom and when, and the second is calls to specific targets related to the election. The FBI did not disclose how many alerts it issued to the targets, but it has been revealed that Salt Typhoon attempted to gain unauthorized access to both the Donald Trump and Kamala Harris campaigns in the November 2024 US presidential election.

The third is the aforementioned wiretapping system that telecommunications companies had been building under the Communications Assistance for Law Enforcement Act (CALEA). FBI officials declined to comment on whether any confidential information from the CALEA system, which law enforcement and intelligence agencies collect under court orders, had been stolen.

'Individuals who want to further protect their mobile communications would benefit from considering using phones that automatically receive timely operating system updates, have well-managed encryption systems, and protect their email and social media app accounts with phishing-resistant multi-factor authentication,' FBI officials said.

A spokesman for the Chinese Embassy in Washington did not respond to a request for comment from NBC News. The Chinese government has denied that government hackers were behind the cyberattack.

in Security, Posted by log1l_ks