AT&T, Verizon say networks now clear after Salt Typhoon hack

AT&T and Verizon Communications acknowledged that they’d been hit by the China-linked Salt Typhoon hacking operation but that their networks were now clear from the intrusion.

The hackers attempted to gain information about foreign intelligence, Dallas-based AT&T said on Saturday (Dec 28). New York City-based Verizon said in a separate statement that “a small number of high-profile customers in government and politics” had been targeted.

“We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident,” Verizon chief legal officer Vandana Venkatesh said.

An independent cybersecurity firm confirmed the containment of the threat, Verizon said.

Both carriers said they are cooperating with authorities and notifying parties whose information may have been compromised.

“We detect no activity by nation-state actors in our networks at this time,” AT&T said. “Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest. In the relatively few instances in which an individual’s information was impacted, we have complied with our notification obligations in cooperation with law enforcement.”

The Wall Street Journal reported in October that telecom carriers including AT&T and Verizon were hit by the Salt Typhoon network intrusions, and the hackers potentially accessed systems the federal government uses for court-authorised network wiretapping requests.

Since then, information about what’s going on inside the carriers has not been shared widely. T-Mobile USA disclosed that it caught suspicious behaviour on network-level routers that appeared consistent with Salt Typhoon, but it booted the attackers before they accessed any customer data.

The White House confirmed on Friday that nine telecom companies were breached in the intrusion, nicknamed Salt Typhoon by Microsoft threat researchers, but US officials did not name the affected companies.

SEE ALSO

US plans more actions against China over telecom hack

Chinese hackers breached eight US telecom providers: White House

US officials have said they still do not know exactly how many Americans were targeted and that it’s impossible to predict how long it will take to eradicate the threat across the country.

China has repeatedly denied involvement. The Biden administration recently called telecom industry leaders to a closed-door session in which industry and government representatives discussed how to address the vast vulnerabilities. The attendees included AT&T chief executive officer John Stankey. BLOOMBERG