Hackers with ties to China’s government have reportedly gotten into some American internet service providers.
The hacking campaign, dubbed Salt Typhoon by investigators, was targeting sensitive information, the Wall Street Journal (WSJ) reported Wednesday (Sept. 25), citing sources familiar with the matter.
As the report noted, it marks the latest in a series of hacks that investigators in the U.S. say are connected to China.
In this case, the hack involved an incursion into U.S. broadband networks, with cybercriminals setting up a foothold inside the network that let them access data stored by telecommunications companies or carry out cyberattacks.
According to the WSJ, former U.S. intelligence officials say the alleged hack seems to be audacious in its scope, even by the standards set by past attacks by China-linked hackers.
“This would be an alarming — but not really surprising — expansion of their malicious use of cyber to gain the upper hand over the United States,” said Glenn Gerstell, former general counsel at the National Security Agency.
He added that China had long depended on cyber theft to steal industrial or military secrets before quietly establishing itself within critical U.S. infrastructure.
“Now it seems they are penetrating the very heart of America’s digital life, by burrowing into major internet-service providers,” he said.
Sources told the WSJ that investigators are probing whether the hackers got access to Cisco Systems routers, and that Microsoft is looking into the intrusion and what sensitive information may have been accessed.
The report is the latest bit of bad news in a year dominated by high-profile cyberattacks on the country’s ports, automotive sector and healthcare system.
In the wake of these incidents, PYMNTS wrote last week, cybersecurity has become a chief concern for organizations of all sizes, serving as a brutal reminder that no company, no matter its size or resources, can escape cyber threats.
“These breaches have not only exposed millions of personal data records but also revealed vulnerabilities in the systems used by businesses and their service providers,” that report said. “As cyberattacks grow in frequency and sophistication, the responsibility to reduce the attack surface — the totality of vulnerabilities that hackers could exploit — is increasingly falling on businesses and their service providers.”