Nine U.S. telecommunications firms have fallen victim to a widespread Chinese espionage campaign, according to statements made by a top White House official on Friday. Anne Neuberger, deputy national security adviser for cyber and emerging technology, revealed that the list of known victims of the campaign, dubbed Salt Typhoon, now includes a total of nine companies.
The discovery of the additional breached company came after the federal government provided guidance to telecoms on identifying and combatting Chinese cyber intrusion techniques on their networks. Neuberger informed reporters, “From that, yes, a ninth company was identified,” while refraining from disclosing the name of the compromised entity.
Despite vehement denials from the Chinese government regarding any involvement in the cyberattack, the breach resulted in the collection of unclassified communications from the phones of senior U.S. government officials, including President-elect Donald Trump and Vice President-elect JD Vance. Additionally, a substantial amount of metadata from an undisclosed number of American citizens was also intercepted.
The ongoing breach has sparked bipartisan concern on Capitol Hill, with promises of retaliation from incoming officials of the Trump administration. Representative Mike Waltz (R-FL), tapped to be the national security adviser under Trump, emphasized the need for aggressive action in response to the cyber intrusion.
Neuberger outlined a series of measures being taken by the administration to address the breach, with a significant focus on a forthcoming rule that the Federal Communications Commission (FCC) is set to vote on. The proposed rule would mandate telecom providers to establish and annually report their cybersecurity practices, under the threat of potential fines for non-compliance.
One key recommendation being pushed by the administration is the segmentation of networks by telecom companies to limit the impact of potential breaches. Neuberger illustrated the vulnerability of networks by highlighting a case where a single administrator account with access to over 100,000 routers allowed Chinese hackers to gain widespread network access after compromising the account.
She cautioned that the full extent of the breach may never be fully understood, given the efforts by hackers to cover their tracks and the inadequacy of companies in maintaining detailed logs of network activities. Despite political divisions among FCC commissioners, Neuberger stressed the importance of implementing mandatory cybersecurity measures across telecoms to enhance network security.
Furthermore, efforts are underway within the General Services Administration to ensure that government contracts prioritize high-impact cybersecurity practices. The Commerce Department is also moving forward with a proposed ban on China Telecom, with the final decision awaiting the start of the new Trump administration.
Neuberger hinted at additional actions in the cybersecurity realm that will be unveiled in the coming weeks and months, emphasizing the ongoing commitment to bolstering defenses against cyber threats. As the investigation into the Salt Typhoon campaign continues, the administration remains vigilant in safeguarding U.S. telecommunications infrastructure against foreign cyber adversaries.