Washington (AP) — A ninth US telecoms firm has been confirmed to have been hacked as part of a massive Chinese espionage campaign that gave officials in Beijing access to an unknown number of Americans’ private texts and phone conversations, according to a top White House official on Friday.
Officials from the Biden administration said this month that the Chinese hacking blitz known as Salt Typhoon had affected at least eight telecommunications companies and dozens of nations.
However, deputy national security adviser Anne Neuberger told reporters Friday that a ninth victim had been identified after the administration issued guidance to companies on how to search for Chinese perpetrators in their networks.
Neuberger’s update is the most recent development in a massive hacking operation that has alarmed national security officials, exposed cybersecurity vulnerabilities in the private sector, and revealed China’s hacking sophistication.
The hackers broke into telecommunications companies’ networks in order to obtain customer call records and access the private communications of a small number of people, according to officials.
Though the FBI has not publicly identified any of the victims, officials believe that senior US government officials and prominent political figures were among those whose communications were compromised.
Neuberger said Friday that officials did not yet know how many Americans were affected by the Salt Typhoon, in part because the Chinese were cautious with their techniques, but that a “large number” were in the Washington-Virginia area.
Officials believe the hackers’ goal was to determine who owned the phones and, if they were “government targets of interest,” spy on their texts and phone calls, she said.
The FBI stated that the majority of those targeted by the hackers are “primarily involved in government or political activity.”
According to Neuberger, the episode highlighted the need for required cybersecurity practices in the telecommunications industry, which the Federal Communications Commission will address at a meeting next month. In addition, she stated that the government was planning additional actions in the coming weeks in response to the hacking campaign, but she did not specify what they were.
“We know that voluntary cyber security practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure,” according to her.
The Chinese government has denied responsibility for the hack.
