In the wake of cyberattacks by cyber-intrusion groups, both AT&T and Verizon have confirmed that their systems have now recovered and are operating safely. In separate press notes attributed to Reuters and Bloomberg, both major telecom operators cleared that they worked with law enforcement authorities to mitigate the harm from state-linked threats tied to espionage activities
As per the U.S. government, at least nine telecom labels have come under attacks from Salt Typhoon, a Chinese-linked cyberespionage operation. So far, the true extent of the attack on the two aforementioned carriers has not been made public knowledge, but it seems the threat was targeted.
The FBI and CISA jointly confirmed the attacks on American telecom infrastructure in October. Verizon was reported to have been under attack by BBC, with Donald Trump and Senator JD Vance listed as the potential targets for the bad actors.
In September, The Wall Street Journal reported that state-linked threat actors tried to break into broadband networks with the intention of gaining covert access to the infrastructure and data. A few weeks later, the outlet reported that federal authorities have started investigating attacks against the likes of Verizon, AT&T, and Lumen, originating from the Salt Typhoon group.
“The hackers may have essentially been able to spy on the U.S. government’s efforts to surveil Chinese threats, including the FBI’s investigations,” said the report. In its statement shared with Bloomberg, AT&T confirmed that the threat actors tried to extract information about foreign intelligence.
Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) also issued a broad set of mobile communication safety guidelines for senior government officials, politicians, and other high-value targets in the wake of state-linked cyber espionage.
Verizon also told Bloomberg that “a small number of high-profile customers in government and politics” were in the crosshairs of the cyber attacks. As of today, the carriers assure that their systems are free of the looming threat of state-linked cyberthreat activities.
Microsoft, which is also working with officials on the latest set of attacks, notes in its dashboard that the Salt Typhoon threat originates in China and also goes by names like GhostEmperor and FamousSparrow.
Notably, the company has previously grappled with another similar operation, Silk Typhoon, which targeted “healthcare, law firms, higher education, defense contractors, policy think tanks, and non-governmental organization (NGOs)” in the U.S. and elsewhere.
Notably, this won’t be the first attack on AT&T in 2024. Earlier this year, AT&T confirmed that stolen data was dumped on the dark web, covering over 7 million active accounts and more than 65 million past subscribers. A few months later, the carrier also confirmed that customer data, including message and call records, was also stolen from a third-party cloud platform.
