WASHINGTON (AP) — A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday.
Biden administration officials said this month that at least eight telecommunications companies, as well as dozens of nations, had been affected by the Chinese hacking blitz known as Salt Typhoon.
But deputy national security adviser Anne Neuberger told reporters Friday that a ninth victim had been identified after the administration released guidance to companies about how to hunt for Chinese culprits in their networks.
The update from Neuberger is the latest development in a massive hacking operation that has alarmed national security officials, exposed cybersecurity vulnerabilities in the private sector and laid bare China's hacking sophistication.
The hackers compromised the networks of telecommunications companies to obtain customer call records and gain access to the private communications of what officials have said is a a limited number of individuals. Though the FBI has not publicly identified any of the victims, officials believe senior U.S. government officials and prominent political figures are among those whose whose communications were accessed.
Neuberger said Friday that officials did not yet have a precise sense how many Americans overall were affected by Salt Typhoon, in part because the Chinese were careful about their techniques, but that a “large number" were in the Washington-Virginia area.
Officials believe the goal of the hackers was to identify who owned the phones and, if they were “government targets of interest,” spy on their texts and phone calls, she said.
The FBI said most of the people targeted by the hackers are "primarily involved in government or political activity.”
Neuberger said the episode highlighted the need for required cybersecurity practices in the telecommunications industry, something the Federal Communications Commission is to take up at a meeting next month. In addition, she said, the government was planning additional actions in coming weeks in response to the hacking campaign, though she did not say what they were.
“We know that voluntary cyber security practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure,” she said.
The Chinese government has denied responsibility for the hacking.
Credit: AP
Credit: AP