Lawmakers seek insight into China-linked attacks on telecom networks

Concerns are growing over a string of reported China-linked attacks on U.S. telecom networks, as lawmakers sought briefings with the leaders of AT&T, Lumen Technologies and Verizon Communications before Friday, Oct. 18.

The Wall Street Journal earlier this month reported Salt Typhoon, a threat group linked to China’s government, hacked and potentially gained access to multiple U.S. communications networks for months. Salt Typhoon’s widespread breach of telecom networks impacted up to 12 companies, The Washington Post reported last week. Both reports and ongoing coverage of the attacks are based on anonymous sources.

Democratic and Republican leaders on the House Energy and Commerce Committee and the Communications and Technology Subcommittee sent letters to the three network operators, seeking details about the attacks and the companies’ respective response.

Verizon did not respond to requests for comment. AT&T and Lumen declined to comment on the reported attacks and the letters lawmakers sent to AT&T CEO John Stankey and Lumen CEO Kate Johnson.

Lawmakers said “there is a growing concern regarding the cybersecurity vulnerabilities embedded in U.S. telecommunications networks,” and asked the trio of telecom companies how the breaches occurred.

“In an age where Americans rely heavily on your services for communication and connectivity, the integrity of your networks is paramount,” Reps. Cathy McMorris Rodgers, Frank Pallone, Robert E. Latta and Doris Matsui said in the Oct. 10 letters.

The lawmakers want to know when and how the network operators became aware of the intrusions and what information the nation state threat group accessed.

Salt Typhoon reportedly accessed the telecom networks’ wiretapping systems and infrastructure used for court-authorized wiretaps, according to The Wall Street Journal and The Washington Post.

“If accurate, this intrusion could enable China to identify targets of U.S. government surveillance and to surveil Americans,” Sen. Ron Wyden said in an Oct. 11 letter sent to the Federal Communications Commission and the Justice Department.

“These telecommunications companies are responsible for their lax cybersecurity and their failure to secure their own systems, but the government shares much of the blame,” Wyden said in the letter. “The security of our nation's communications infrastructure is paramount, and the government must act now to rectify these longstanding vulnerabilities.”

Intrusions by the state-sponsored threat group are part of an extensive effort to maneuver in preparation for future attacks, federal authorities warned earlier this year.

Salt Typhoon is one of multiple threat groups linked to China’s government. The U.S. government follows Microsoft’s threat group naming conventions in attributing these attacks to China-linked threat groups.

In February, the Five Eyes warned that the group known as Volt Typhoon already embedded itself into numerous transportation, energy, communications, and water and wastewater systems. In September, the FBI disrupted a massive botnet linked to another threat group known as Flax Typhoon.