Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

CISA and the FBI recently released a public announcement concerning breaches on U.S. telecommunication service providers by Chinese cyber threat actors. The announcement reads:

The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China. 

After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims. The investigation is ongoing, and we encourage any organization that believes it might be a victim to engage its local FBI field office or CISA. 

Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector.

The announcement follows a string of incidents over the past few months where Salt Typhoon actors linked to the Chinese government broke into a handful of U.S. internet service providers (ISPs) in search of sensitive information. Targets have included Verizon, AT&T, and Lumen Technologies. Investigators noted that these attackers allegedly compromised America’s broadband networks and appear to have access deep into the routing functions of major ISPs, giving them the ability to manipulate network routing. The broad implications of attacks on major ISPs have the potential to impact operational technology, however the operation’s goal has appeared to be espionage. WaterISAC has previously shared these incidents in its supplemental cyber highlights.

Access the full press release at CISA.