Chinese cyberspies reportedly breached Verizon, AT&T, Lumen

Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic


Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.

Salt Typhoon, the Beijing-linked crew that the American public first learned about last month after the espionage gang was spotted on US internet service providers' networks, gained a foothold in at least these three telecommunications giants' infrastructure, according to a Wall Street Journal report.

After breaking into the carriers' networks, the Chinese government-backed snoops may have had access to systems the communications providers use to share domestic data in response to law enforcement requests, along with more "generic internet traffic" from individuals and businesses across the US, the newspaper reported, citing "people familiar with the matter."

The FBI and other law enforcement agencies are allowed to intercept electronic communications, provided that they have obtained a court order and that the data is being used to solve crimes or investigate national security matters. 

Of course, sometimes network providers and other companies provide this level of snooping access without a warrant, too.

As it relates to the Salt Typhoon breaches, it's unclear if the spies also compromised the systems used for foreign intelligence surveillance.

The US Cybersecurity and Infrastructure Security Agency (CISA) referred questions about the alleged Salt Typhoon network intrusions to the providers.

AT&T, Verizon, and Lumen Technologies declined to answer The Register's inquiries.

A Verizon spokesperson did, however, note that the September 30 outage "was the result of a misconfiguration in our network," and not related to Salt Typhoon or any type of cybersecurity incident.

The Feds and private security analysts are currently investigating the Salt Typhoon breach, including how much and what data the Chinese spies stole, according to the Wall Street Journal.

How the crew gained initial access also remains unclear, although investigators are looking into Cisco routers as a possible entry point, the WSJ said. 

Outdated Cisco and Netgear routers have been previously abused by Chinese espionage gangs to break into US critical infrastructure facilities, prepare for future attacks, and steal sensitive corporate and government data.

Cisco did not immediately respond to The Register's inquiries.

This latest update on the PRC's snooping efforts follows a series of attacks that both government and private investigators have tied to the Chinese government. 

Last month, FBI Director Christopher Wray revealed that law enforcement disrupted a 260,000-device botnet controlled by China's Flax Typhoon. And as recently as August, a different cyberspy gang, Volt Typhoon, was spotted snooping on American networks.

Wray has repeatedly warned about the national security risk posed by Chinese state-sponsored hacking crews, telling lawmakers that China has "a bigger hacking program than that of every major nation combined, and it has stolen more of our personal and corporate data than every nation big or small, combined," and that there are 50 Chinese cyber-spies for every one FBI analyst. ®
