U.S. officials say hackers linked to the Chinese government are responsible for security breaches at major telecommunications companies and U.S. agencies.
The latest hack, announced Monday, targeted the U.S. Treasury Department, which called the infiltration a “major incident.”
Officials said the hackers were able to access employee workstations and some unclassified documents. China denies any involvement.
It is the latest in a series of cyberattacks against American and Western targets in recent months.
What was hacked?
The Treasury Department hack followed the announcement in late October that the two main US presidential campaigns were being targeted.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said the hack targeting the White House campaigns was carried out “by actors affiliated with the People’s Republic of China.”
In September, reports emerged of an operation that successfully breached the security of major telecommunications companies.
The White House recently said at least nine companies had been hacked, including telecommunications giants AT&T and Verizon.
And earlier this year, in March, seven Chinese nationals were charged with leading a hacking operation that lasted at least 14 years and targeted foreign critics of China, businesses and politicians.
Operations linked by Western governments to China have also targeted the British Electoral Commission as well as the British and New Zealand parliaments.
Who are the hackers?
Although full details have not yet been revealed, the hacks appear to be the work of several different units – each, according to US authorities, linked to the Chinese state.
Hacker groups are given nicknames by security companies. For example, the group behind the telecommunications hack is better known as Salt Typhoon, the name given to it by Microsoft researchers. Other companies have nicknamed it Famous Sparrow, Ghost Emperor and Earth Estrie.
Salt Typhoon is believed to be behind the telecommunications hack. A separate group, dubbed Volt Typhoon, has been accused of penetrating critical infrastructure organizations for potential disruption attacks.
The seven Chinese citizens accused of computer hacking have been linked by U.S. Justice Department officials to an operation known as Zirconium or Judgment Panda.
The UK’s National Cyber Security Centre says the same operation targeted the emails of British parliamentarians in 2021.
What was collected during the hacks?
[Image: The president-elect and vice president-elect were targeted by hackers. Credit: Reuters]
The most recent hacks appear to target powerful individuals and collect data that could benefit the Chinese government.
Among others, they targeted the phones of President-elect Donald Trump, Vice President-elect JD Vance and people working for Vice President Kamala Harris’ campaign.
The hackers also accessed a database of phone numbers subject to law enforcement wiretapping — information that experts say could be used to discover which foreign spies are being monitored.
And millions of Americans may have had their data breached because of attacks on telecommunications companies.
Richard Forno, deputy director of the University of Maryland, Baltimore County (UMBC) Cybersecurity Institute, said Chinese efforts were directed at a variety of targets.
“It’s a more generic collection of information, let’s see what we can get into and what we can find,” he said.
How worried are U.S. officials?
US lawmakers from both parties have expressed concern over the hacks.
Democratic Senator Mark Warner called Salt Typhoon’s activities “the worst telecommunications hack in the history of our country.”
Brendan Carr, Trump’s pick to chair the Federal Communications Commission, said an intelligence briefing on the hack was “deeply, deeply concerning.”
“The information I heard made me want to smash my phone in the end,” he told CNBC.
FBI Director Christopher Wray recently said that Salt Typhoon’s hacking of telecommunications companies was “the most significant cyberespionage campaign in history” carried out by China.
He previously said China’s hacking program was bigger “than that of all other major nations combined.”
[Image: Outgoing FBI Director Christopher Wray highlighted the threat from Chinese hackers in a farewell speech. Credit: EPA]
How did the Western allies react?
In addition to the charges against the seven Chinese nationals, U.S. authorities earlier this month warned China Telecom Americas, the U.S. subsidiary of one of China’s largest communications companies, that it posed a threat to national security.
The company has 30 days to respond and could ultimately face a ban.
In May, the UK sanctioned two people as well as Wuhan Xiaoruizhi Science and Technology Company Ltd, which it said was linked to Judgment Panda.
Trump’s new national security adviser, Mike Waltz, said foreign hackers should face “higher costs and consequences.”
Mr. Forno, of the UMBC Cybersecurity Institute, said hacks probably take years.
“China traditionally takes a very strategic, long-term view of how it conducts its espionage and intelligence operations,” he said. “The United States tends to be much more reactive and much more interested in immediate and visible results.”
What did China say?
Chinese Foreign Ministry spokeswoman Mao Ning told a news conference that the accusations were “baseless” and “lacked evidence.”
“China consistently opposes all forms of hacking and firmly rejects the spread of false information targeting China for political purposes,” Mao said.
A Chinese Embassy spokesperson said in a statement: “The United States must stop using cybersecurity to defame and slander China, and stop spreading all kinds of disinformation about so-called China threats. Chinese computer hacking.”