NSA Investigating If Chinese Hackers Breached US Telecom Firms

The U.S. is in the early stages of an investigation into potential Chinese hacking of American telecommunications companies, according to a top intelligence official.

National Security Agency Director General Timothy Haugh said the NSA, along with other government agencies and some companies, “will be doing deep looks” into the cases but that it is premature to speak about specific firms.

U.S. intelligence officials think a Chinese hacking group that Microsoft Corp. dubbed Salt Typhoon may have been inside US telecoms for months and found a route into an access point for court-authorized wiretapping, according to a different person familiar with their views. Such hacks would represent a serious security breach, according to the second person.

The Wall Street Journal previously reported that AT&T, Verizon and Lumen Technologies are among those targeted in the campaign, and that Chinese hackers may have accessed information from systems used by the federal government for lawful wiretapping.

AT&T and Lumen declined to comment. Neither Verizon nor the Chinese Embassy in Washington immediately responded to requests for comment.

The NSA has warned since 2022 that telecommunications infrastructure was vulnerable to Chinese hacking, Haugh told reporters at the Cipher Threat Conference in Sea Island, Georgia.

One such NSA advisory, dated June 2022, warned that Chinese hackers were seeking to gain “an initial foothold” into telecommunications organizations and network service providers via bugs in devices such as some Cisco Systems Inc. routers, before searching out critical users and systems.

Haugh, a four-star Air Force general who also took up leadership of US Cyber Command in February, has described China as “the most daunting” of threats to the US in cyberspace. US cyber officials have warned since last year that Chinese hackers are burrowing into critical infrastructure across the country. The aim, officials have concluded, is to lie in wait to disrupt large swaths of crucial services such as electricity and water supply during a future crisis, hobbling any US military response.

Although the US has appealed to a range of companies to help unearth cases of such intrusions, government officials said earlier this year that they have so far discovered only the tip of the iceberg.

“Critical infrastructure is under steady attack,” Harry Coker, US national cyber director, told attendees at the Sea Island conference, in an earlier discussion.