AT&T and Verizon have confirmed that their systems have fully recovered and are operating securely following breaches by threat actor Salt Typhoon, a Chinese-linked cyberespionage group.
According to U.S. government sources, at least nine telecom providers have been targeted by Salt Typhoon. While the full extent of the attacks on AT&T and Verizon remains undisclosed, the operations appeared highly targeted with the theft of telephone audio intercepts and vast amounts of call record data. Hackers gained extensive access to networks, enabling them to geolocate millions of individuals and intercept phone calls at will.
In separate statements to Reuters and Bloomberg, the telecom giants clarified that they are working with law enforcement to mitigate the impact of these espionage-related threats
Salt Typhoon is an advanced persistent threat (APT) group believed to be associated with the People’s Republic of China (PRC) and has been active since 2019. The group primarily targets entities in the United States, Southeast Asia, and various African nations, with a focus on information theft and espionage. Also known by aliases such as FamousSparrow, GhostEmperor, Earth Estries, and UNC2286.
In October, the FBI and CISA jointly verified cyberattacks on American telecom infrastructure. Verizon was then identifies as a primary target, with high-profile individuals like Donald Trump and Senator JD Vance potentially in the crosshairs.
Earlier, The Wall Street Journal (WSJ) revealed that state-backed hackers attempted to breach broadband networks in September to gain covert access to infrastructure and data. It was later reported by WSJ that Federal investigations identified Verizon, AT&T, and Lumen as specific targets of Salt Typhoon.
