The Washington Post recently released a report detailing how Chinese government-backed hackers went undetected on the networks of multiple major U.S. internet service providers for an unknown period of time during the last year, potentially accessing sensitive information.

About the attack

Called “Salt Typhoon,” the hacker group targeted multiple telecom companies that the United States government works with to perform court-sanctioned surveillance and wiretapping, including AT&T and Verizon. For this reason, both private and government agencies are investigating the incident to determine the breadth of the breach.

Ars Technica shared part of the report from The Washington Post:

“‘Hackers apparently exfiltrated some data from Verizon networks by reconfiguring Cisco routers,’ said one current and one former US official familiar with the matter… ‘The fact that they were able to make changes in the routers without detection reflects the sophistication of the adversary but also raises questions about Verizon’s security posture,’ analysts said.”

The post also related that the president himself was briefed on the situation, due to its severity.

“‘Whether the hackers got access to actual lists of federal surveillance targets or their communications—or what they might have taken—is not clear,’ officials said. ‘It is also not clear whether the subjects of the surveillance at issue were targeted in domestic criminal investigations or in national security cases, such as espionage, terrorism, or cybersecurity.’”

The alarming state of nation-state cyber attacks

According to Microsoft’s latest Digital Defense Report released this week, these kinds of attacks are only going to become more prevalent, as nation-state cybercrime is on the rise. Evidence suggests that nations such as Russia, North Korea, and Iran have each partnered with independent cybercrime groups on different occasions to help carry out cyber espionage against other nations, such as Ukraine. The report outlines:

“Microsoft observed nation-state threat actors conduct operations for financial gain, enlist cybercriminals to collect intelligence on the Ukrainian military, and make use of the same infostealers, command and control frameworks, and other tools favored by the cybercriminal community.”

Even more concerning is how often such activity is taking place – Microsoft relates:

“The pace of nation-state sponsored cyberattacks has escalated to the point that there is now effectively constant combat in cyberspace.”

The post U.S. internet providers infiltrated by Chinese-sponsored cybercriminals appeared first on OPUSfidelis.