date 2010-12-24
From reuters.com:
The U.S. House of Representatives is set to vote next week on an annual defense bill that includes just over $3 billion for U.S. telecom companies to remove equipment made by Chinese telecoms firms Huawei and ZTE (000063.SZ) from American wireless networks to address security risks.
The 1,800-page text was released late Saturday and includes other provisions aimed at China, including requiring a report on Chinese efforts to evade U.S. national security regulations and an intelligence assessment of the current status of China's biotechnology capabilities.
The Federal Communications Commission has said removing the insecure equipment is estimated to cost $4.98 billion but Congress previously only approved $1.9 billion for the "rip and replace" program.
Washington has aggressively urged U.S. allies to purge Huawei and other Chinese gear from their wireless networks.
FCC Chair Jessica Rosenworcel last week again called on the U.S. Congress to provide urgent additional funding, saying the program to replace equipment in the networks of 126 carriers faces a $3.08 billion shortfall "putting both our national security and the connectivity of rural consumers who depend on these networks at risk."
She has warned the lack of funding could result in some rural networks shutting down, which "could eliminate the only provider in some regions" and could threaten 911 service.
Competitive Carriers Association CEO Tim Donovan on Saturday praised the announcement, saying "funding is desperately needed to fulfill the mandate to remove and replace covered equipment and services while maintaining connectivity for tens of millions of Americans."
In 2019, Congress told the FCC to require U.S. telecoms carriers that receive federal subsidies to purge their networks of Chinese telecoms equipment. The White House in 2023 asked for $3.1 billion for the program.
Senate Commerce Committee chair Maria Cantwell said funding for the program and up to $500 million for regional tech hubs will be covered by funds generated from a one-time spectrum auction by the FCC for advanced wireless spectrum in the band known as AWS-3 to help meet rising spectrum demands of wireless consumers.
China's Volt Typhoon Breached Singtel, Reports Say
The digital break-in was discovered in June, according to Bloomberg, citing "two people familiar with the matter" who told the news outlet that the Singtel breach was "a test run by China for further hacks against US telecommunications companies."
In February, the feds and other nations' governments warned that the Beijing-backed crew had compromised "multiple" critical infrastructure orgs' IT networks in America and globally, and were preparing "disruptive or destructive cyberattacks" against those targets.
Volt Typhoon's targets include communications, energy, transportation systems, and water and wastewater systems.
"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the US, Canada, UK, Australia, and New Zealand said at the time.
More recently, another Chinese-government-backed group, Salt Typhoon, was accused of breaking into US telecom companies' infrastructure. These intrusions came to light in October with the spies reportedly breaching Verizon, AT&T, and Lumen Technologies, although all three have thus far declined to comment to The Register about the hacks.
Salt Typhoon also reportedly targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican candidate Donald Trump and his running mate, JD Vance.
Volt Typhoon And Its Botnet Surge Back With A Vengeance
China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.
The alert comes nearly ten months after the Feds claimed a victory against the Chinese government-linked miscreants, when the FBI infiltrated the operation and then remotely wiped the botnet.
At the time, the US Justice Department warned that Volt Typhoon had infected "hundreds" of outdated Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and other vital facilities. Plus, the crew had been targeting American critical organizations as far back as 2021.
The reach of the China-linked Salt Typhoon gang extends beyond telecommunications giants in the United States, and its arsenal includes several backdoors – including a brand-new malware dubbed GhostSpider – according to Trend Micro researchers.
While the crew has made headlines recently for hacking "thousands and thousands" of devices at US telcos, research published on Monday by Trend Micro's threat intel team suggests Salt Typhoon (which Trend tracks as Earth Estries) has also hit more than 20 organizations globally since 2023. These span various sectors – including technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.
Affected countries include Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the US, and Vietnam.
It's "one of the most aggressive Chinese advanced persistent threat (APT) groups," Trend Micro's Leon Chang, Theo Chen, Lenart Bermejo, and Ted Lee wrote.
"We found that in 2023, the attackers had also targeted consulting firms and NGOs that work with the US federal government and military," the threat intel team observed.
These intrusions not only compromised telcos' database and cloud servers, but also attacked the firms' suppliers – in at least one instance implanting the Demodex rootkit on machines used by a major contractor to a dominant regional telecommunications provider. Trend Micro's analysts think that shows Salt Typhoon wanted to gain access to more targets.
The Biden administration on Friday hosted telco execs to chat about China's recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover.
Details of the extent of China's attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights into info he's learned in his role as chair of the Senate Intelligence Committee.
Warner told the Post, "my hair is on fire," given the severity of China's attacks on US telcos. The attacks, which started well before the US election, have seen Middle Kingdom operatives establish a persistent presence – and may require the replacement of "literally thousands and thousands and thousands" of switches and routers.
The senator added that China's activities make Russia-linked incidents like the SolarWinds supply chain incident and the ransomware attack on Colonial Pipeline look like "child’s play."
Warner told The Times the extent of China's activity remains unknown, and that "The barn door is still wide open, or mostly open."
[...] For what it's worth, China claims the US makes this stuff up – but hasn't offered an alternative explanation.
The day after Warner chatted to the newspapers, the Biden administration’s national security advisor Jake Sullivan and deputy national security advisor for cyber and emerging technology Anne Neuberger met with telecom execs. According to a White House readout of the chat, they used the opportunity to "share intelligence and discuss the People's Republic of China's significant cyber espionage campaign targeting the sector."
Which rather suggests there's more info about this situation that's not available to the public.