WASHINGTON — A ninth U.S. telecom firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday.
Biden administration officials said this month that at least eight telecommunications companies, as well as dozens of countries, had been affected by the Chinese hacking blitz known as Salt Typhoon.
But Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, told reporters on Friday that a ninth victim had been identified after management instructed companies on how to track down Chinese perpetrators on their networks.
The Neuberger upgrade is the latest progression in a major hacking operation that has alarmed national security officials, exposed cybersecurity vulnerabilities in the sector and laid bare the sophistication of China’s hackingArray.
The hackers compromised the networks of telecommunications companies to obtain customer call records and gain access to the private communications of “a limited number of individuals.” Though the FBI has not publicly identified any of the victims, officials believe senior U.S. government officials and prominent political figures are among those whose communications were accessed.
Neuberger said officials did not yet have a clear picture of the total number of Americans affected by Typhoon Salt, in part because the Chinese were careful with their techniques, but that a “large number” were in the Washington-Virginia region.
The hackers’ purpose was to identify who owned the phones and, if they were “targets of government interest,” to spy on their text messages and phone calls, he said.
The FBI said most of the people targeted by the hackers are “primarily related to government or political activities. “
Neuberger said the episode highlighted the need for necessary cybersecurity practices in the telecommunications sector, an issue the Federal Communications Commission plans to address at a meeting next month.
“We know that voluntary cybersecurity practices are not enough for China, Russia and Iran to hack our critical infrastructure,” he said.
The Chinese have denied any responsibility for the attack.
Tucker writes for the Associated Press.
Subscribe for unlimited accessSite Map
Follow
MORE FROM THE L.A. TIMES