Joint FBI-CISA Advisory Informs Chinese Espionage on U.S. Telecom Firms

The FBI and CISA issued a joint statement confirming that PRC-affiliated cyber actors breached several U.S. telecommunications providers, including prominent broadband companies. These intrusions, which likely persisted for several months, enabled the threat actors to conduct extensive cyber espionage operations. “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” noted CISA in their statement. This operation has raised significant concerns due to the attackers’ access to both personal and potentially classified information, impacting individuals and organizations involved in government, political, and law enforcement activity.

This statement follows initial reporting from the joint agencies in late October, with insights first reported by the Wall Street Journal in September, revealing that the breach affected companies such as AT&T, Verizon, and Lumen Technologies. The breach allowed hackers to access volumes of internet traffic and sensitive communication records, affecting millions of American citizens and businesses nationwide. The PRC-linked threat group, tracked as Salt Typhoon (also known as FamousSparrow, Ghost Emperor, and UNC2286), gained access to federal systems, including those used for court-authorized wiretaps. As a result, this compromise extends beyond simple data theft, encompassing access to systems critical for national security and law enforcement. FBI and CISA emphasized their ongoing collaboration to provide technical support and strengthen cyber defenses across affected sectors.

The FBI and CISA have urged any organizations that may have been affected to contact local FBI Field Offices or CISA for support. The agencies continue to investigate, anticipate additional findings, and remain vigilant in addressing the scope of these intrusions.