AT&T and Verizon were targeted by China-backed hacking group Salt Typhoon, but their networks are now secure, the telecommunications companies said on Saturday in their first acknowledgement of the hacking.
Meanwhile, Lumen Technologies, which owns CenturyLink, said on Sunday that it has no evidence of Chinese actors in its network.
It comes after the White House said on Friday that it had identified a ninth U.S. telecom network that had been compromised by the wide-ranging espionage campaign, which began 2022, and that they are still accessing the scope of the breach.
Officials didn’t provide a full list of the compromised networks. Earlier this month, the FBI said malware from Salt Typhoon and two other Beijing-backed hacking groups, dubbed by Microsoft as Flax Typhoon and Volt Typhoon, were still embedded in some U.S. systems.
Verizon said in a statement to The Epoch Times that it has notified “a small number of high-profile customers in government and politics” who were targeted by the hackers.
The company said it has contained the threat, and that “an independent and highly respected cyber security firm” had confirmed the containment.
“Immediately upon learning of this incident, Verizon took several key actions to protect its customers and its network including partnering with federal law enforcement and national security agencies, industry partners, and private cybersecurity firms,” Verizon’s Chief Legal Officer Vandana Venkatesh said in a statement.
“We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.”
On Saturday, an AT&T spokesperson told Reuters the company detected “no activity by nation-state actors in our networks at this time.”
“Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest,” the spokesperson said.
While only a few cases of compromised information were identified, AT&T was monitoring and remediating its networks to protect customers’ data and continues to work with authorities to assess and mitigate the threat, the spokesperson said.
A spokesperson for Lumen Technologies told The Epoch Times there’s no evidence of Chinese actors in its network.
“An independent forensics firm has confirmed Salt Typhoon is no longer in our network. In addition, our federal partners have not shared any information that would suggest otherwise. To date, there is no evidence that customer data was accessed on our network,” the spokesperson said in a statement.
Meanwhile, T-Mobile’s Chief Security Officer Jeff Simon said in a blog published on Friday that the operator stopped attempts to infiltrate its systems “within the last few weeks,” but could not definitively identify the attacker’s identity.
Government officials have previously said Salt Typhoon targeted a limited number of high-profile officials and politicians over a long time. Simon said that is “not the case at T-Mobile.”
Chinese officials have previously described the allegations as disinformation and said Beijing “firmly opposes and combats cyber attacks and cyber theft in all forms.”
The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) confirmed in October that they were investigating cyber threats linked to the Chinese regime following media reports of Salt Typhoon’s operation.
In November, the FBI and the CISA issued a joint statement, saying Chinese hackers had targeted commercial telecommunications infrastructure in a “broad and significant cyber espionage campaign,” in which they stole customer call records data, compromised private communications of government officials and politicians, and copied information “that was subject to U.S. law enforcement requests pursuant to court orders.”
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, told reporters on Dec. 7 that the hackers had stolen a large volume of Americans’ metadata while targeting some “very senior political individuals.”
On Friday, Neuberger said it’s believed the hackers geolocated a large number of individuals in the Washington DC, Virginia area, and targeted “probably less than 100 on the actual individuals.”
Earlier this month, the CISA issued a guidance for “highly targeted” senior government officials and politicians, urging them to “use only end-to-end encrypted communications” and to adopt other measures to mitigate risks posed by Chinese hackers.
Reuters contributed to this report.
From The Epoch Times