
The Salt Typhoon cyber attack, conducted by bad actors in China, targeted telecommunication organizations. Major telecom companies were hacked, including AT&T, Verizon, T-Mobile and Lumen. The Salt Typhoon attack was first discovered in October, but the attackers are suspected to have been present on systems since 2022. Cyber crooks compromised private portals that are used to handle court orders from law enforcement, and through them were able to access call records and live calls of certain targets. These portals are also used by U.S. intelligence for foreign surveillance. The hackers were able to identify and focus on specific targets and access their communications. Chinese attackers were able to obtain vast amounts of data that showed where, when and with whom people were communicating. The goal for the Chinese operatives was to gain persistent access to U.S. telecoms by compromising routers, switches and firewalls. U.S. officials have not been able to fully identify the depth, scope, and severity of the attack, and it is uncertain how to remove the attackers from the compromised systems.
How does this breach affect the consumer? First, your data and privacy have been compromised. Last week the FBI warned about an ongoing cyber breach that may pose a risk to text messaging between Android and iPhone users. iPhone to iPhone messaging is encrypted. Android to Android messaging is encrypted. However, messaging between Android and iPhone is not. If you are concerned about the privacy of communication on a mobile device, it is recommended that you use an encrypted messaging app, such as WhatsApp, Messenger or Signal. Using an app to handle encrypted messages can also protect against SIM swap scams and strengthen MFA by avoiding text messaging for authentication (use an authentication app instead).
Resources:
Enhanced Visibility and Hardening Guidance for Communications Infrastructure
FBI Issues Warning About Sending Text Messages with iPhone, Android Phones
FCC Response