posted by hubie on Friday January 24, @02:38PM

With the help of tipsters, the cybersecurity agency was able to 'connect the dots' to crack what has been called one of the worst telecom hacks in US history:

Chinese state-backed cyber espionage group Salt Typhoon, which has been in the news for its breach of U.S. telecom firms, was first discovered on the federal network using a different name, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).

"We saw it as a separate campaign called another goofy cyber name. And we were able to—based on the visibility that we had within the federal networks—to be able to connect some dots," she said during a discussion at the Foundation for Defense of Democracies on Jan. 15.

[...] The earlier identification under a different name enabled officials to connect the dots with the help of tipsters from the private sector, which Easterly said ultimately "led to kind of cracking open the larger Salt Typhoon piece."

[...] On Jan. 17, the U.S. Treasury Department announced it was sanctioning Chinese cybersecurity company Sichuan Juxinhe Network Technology Co. for "direct involvement in the Salt Typhoon cyber group."

"Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security," the Treasury Department said.

The Treasury Department also sanctioned Shanghai-based hacker Yin Kecheng, who was allegedly behind a major breach of the department's network in early December. The cyber actor is affiliated with China's Ministry of State Security, the department said.


Related Stories

Senators Ask Cyber Review Board to Conduct Investigation on Chinese Hack Group

'We are deeply alarmed [the Department of Homeland Security] has not publicly disclosed when this investigation will begin,' the senators stated in a letter:

A bipartisan group of senators has urged a federal review board to immediately begin an investigation into a Chinese hacking group's attacks against the United States, according to a recent letter sent to Robert Silvers, undersecretary for policy at the Department of Homeland Security (DHS).

Led by Sen. Eric Schmitt (R-Mo.), the senators wrote in a letter dated Nov. 14 that the independent Cyber Safety Review Board (CSRB) had announced in late October that it would initiate a review "at the appropriate time," a DHS spokesman confirmed in a statement to the Wall Street Journal, following media reports that Salt Typhoon, a Chinese state-sponsored threat group, had breached several U.S. telecommunications companies.

[...] The senators noted that the CSRB's announcement "is a good first step." The CSRB, established by the DHS in 2022, consists of federal officials and private-sector cybersecurity experts.

"We are deeply alarmed DHS has not publicly disclosed when this investigation will begin," the senators wrote. "While details of the attack are still being revealed, the scope of this attack is historic in nature and the hacking technique used by Salt Typhoon holds countless senior U.S. officials and millions of U.S. citizens at risk.

"With all due speed and urgency, the CSRB should begin investigating how this happened immediately."

Previously: U.S. Wiretap Systems Targeted in China-Linked Hack


Salt Typhoon's Cyberstorm Reaches Beyond US Telcos

Arthur T Knackerbracket has processed the following story:

The reach of the China-linked Salt Typhoon gang extends beyond telecommunications giants in the United States, and its arsenal includes several backdoors – including a brand-new malware dubbed GhostSpider – according to Trend Micro researchers.

While the crew has made headlines recently for hacking "thousands and thousands" of devices at US telcos, research published on Monday by Trend Micro's threat intel team suggests Salt Typhoon (which Trend tracks as Earth Estries) has also hit more than 20 organizations globally since 2023. These span various sectors – including technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.

Affected countries include Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the US, and Vietnam.

It's "one of the most aggressive Chinese advanced persistent threat (APT) groups," Trend Micro's Leon Chang, Theo Chen, Lenart Bermejo, and Ted Lee wrote.

"We found that in 2023, the attackers had also targeted consulting firms and NGOs that work with the US federal government and military," the threat intel team observed.

These intrusions not only compromised telcos' database and cloud servers, but also attacked the firms' suppliers – in at least one instance implanting the Demodex rootkit on machines used by a major contractor to a dominant regional telecommunications provider. Trend Micro's analysts think that shows Salt Typhoon wanted to gain access to more targets.


Politics: Wyden Law Would Give FCC Greater Power Over Telecom's Lax Cybersecurity In Wake Of Ugly Salt Typhoon

Arthur T Knackerbracket has processed the following story:

We’ve noted for decades that U.S. telecom security and privacy standards aren’t great. T-Mobile has been hacked so many times in the last five years it’s easy to lose count. AT&T not long ago had a breach impacting the data of 73 million users it initially tried to pretend hadn’t happened.

Telecoms have lobbied relentlessly to dismantle much in the way of corporate oversight, so when hacks or breaches or bad choices manifest, executives and companies alike routinely see little in the way of real, meaningful accountability. Which, of course, ensures nothing much changes.

This all came to a head recently with the Salt Typhoon hack, which involved 8 major U.S. telecom operators suffering a major intrusion by Chinese hackers. The hack, oddly getting far less attention than the TikTok moral panic did, was leveraged to help spy on U.S. political officials. It was so severe and extensive that the involved, unnamed telecoms have yet to fully remove the intruders from their networks:

This is par for the course for a country that’s literally too corrupt to pass even a baseline privacy law for the internet era, or hold telecom giants meaningfully accountable for much of anything. At best, telecoms have grown fat and comfortable with a paradigm that involves a tiny fine and wrist slap for their incompetence, assuming they get challenged over it at all.

Enter Senator Ron Wyden, who is proposing a new law that would require the FCC to take broader ownership of telecom cybersecurity.

His Secure American Communications Act would more clearly establish FCC authority to monitor telecoms for privacy and cybersecurity violations, require they conduct routine testing of their networks and systems, and contract outside independent auditors to make sure they’re doing a competent job. They’d also have to submit formal annual reviews to the FCC.

“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”

Of course the last thing AT&T, Verizon, Comcast, T-Mobile and Charter want is additional (or any) government oversight, so even if perfectly designed to minimize headaches and problems, the bill likely has zero real chance of passing a corrupt Congress.

A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says

A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says:

A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday.

Biden administration officials said this month that at least eight telecommunications companies, as well as dozens of nations, had been affected by the Chinese hacking blitz known as Salt Typhoon.

But deputy national security adviser Anne Neuberger told reporters Friday that a ninth victim had been identified after the administration released guidance to companies about how to hunt for Chinese culprits in their networks.

The update from Neuberger is the latest development in a massive hacking operation that has alarmed national security officials, exposed cybersecurity vulnerabilities in the private sector and laid bare China's hacking sophistication.

The hackers compromised the networks of telecommunications companies to obtain customer call records and gain access to the private communications of what officials have said is a limited number of individuals. Though the FBI has not publicly identified any of the victims, officials believe senior U.S. government officials and prominent political figures are among those whose communications were accessed.

Neuberger said Friday that officials did not yet have a precise sense of how many Americans overall were affected by Salt Typhoon, in part because the Chinese were careful about their techniques, but that a "large number" were in the Washington-Virginia area.

Officials believe the goal of the hackers was to identify who owned the phones and, if they were "government targets of interest," spy on their texts and phone calls, she said.

The FBI said most of the people targeted by the hackers are "primarily involved in government or political activity."

Neuberger said the episode highlighted the need for required cybersecurity practices in the telecommunications industry, something the Federal Communications Commission is to take up at a meeting next month. In addition, she said, the government was planning additional actions in coming weeks in response to the hacking campaign, though she did not say what they were.

"We know that voluntary cyber security practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure," she said.

The Chinese government has denied responsibility for the hacking.


U.S. Treasury Confirms It Was Breached by China-Backed Hackers

Arthur T Knackerbracket has processed the following story:

According to a letter from the U.S. Treasury Department to lawmakers revealed on Monday, Dec. 30, Chinese-backed hackers successfully infiltrated the department’s systems and stole government documents this month.

The breach, first reported by Reuters, highlights yet another instance of state-sponsored cyber espionage targeting U.S. government employees — just moments after AT&T and Verizon finally dealt with Salt Typhoon. In a statement to Senator Sherrod Brown, chair of the Committee on Banking, Housing, and Urban Affairs, the Treasury confirmed that the attack occurred in December.

In the letter, the department states that the breach was flagged by a third-party cybersecurity vendor, BeyondTrust, which discovered that the attackers had compromised a key used to secure a cloud-based service. That service was integral to providing remote technical support to end users within the department's offices.

"With access to the stolen key, the threat actor was able [to] override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," the letter reads.

The Treasury revealed it was alerted to the breach on Dec. 8 and is collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the scope of the incident. Reuters reports that the FBI has yet to respond to requests for comment, while CISA redirected inquiries back to the Treasury.


Chinese Hackers Compromised Organizations in 70 Nations, Warn US Federal Agencies

Companies are advised to constantly update their apps and software, and patch known network vulnerabilities to prevent such attacks:

A ransomware group called "Ghost" is exploiting the network vulnerabilities of various organizations to gain access to their systems, according to a joint advisory issued by multiple U.S. federal agencies.

"Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware," the Cybersecurity and Infrastructure Security Agency (CISA) said in the Feb. 19 joint advisory. "Ghost actors, located in China, conduct these widespread attacks for financial gain."

The attacks have targeted schools and universities, government networks, critical infrastructure, technology and manufacturing companies, health care, and several small and mid-sized businesses.

[...] The criminals use publicly available code to exploit "common vulnerabilities and exposures" of their targets to secure access to servers. They leverage vulnerabilities in servers running Adobe ColdFusion, Microsoft Exchange, and Microsoft SharePoint.

Also at BleepingComputer.


This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 4, Informative) by VLM on Friday January 24, @02:52PM (3 children)

    by VLM (445) on Friday January 24, @02:52PM (#1390179)

    I had to read this a few times to figure out they're still sticking with the story of

    Chinese state-backed cyber actors

    At first glance I thought they were admitting it was a failed false-flag.

    As a side note, as time goes on, the phrases like "Chinese state-backed cyber actors" start sounding ever more ridiculous.

    It never fails to amaze me if the politicians are mad at some country they can always find evidence of a "cyberattack" from that country but they can never fix the bad code ahead of time or track down specifically who did what. Just trust me, bro, the guys we are in an unrelated argument with bro, a bunch of 'them' with a funny name totally hacked us, bro, trust me bro, glowies never lie, bro.

    • (Score: 1, Troll) by Username on Friday January 24, @03:12PM (2 children)

      by Username (4557) on Friday January 24, @03:12PM (#1390187)

      I tried looking for the proof that it was state sponsored, but article is paywall, and I'm not going to jump through hoops for something that probably isn't there.

      Salt Typhoon is meme gold. Salt, like from crying, Typhoon lots of it. It's anglocentric word play. Hard to believe a non-native speaker would come up with it. Wouldn't a Chinese hack be all patriotically China-centric?

  • (Score: 4, Funny) by ikanreed on Friday January 24, @03:45PM (2 children)

    by ikanreed (3164) on Friday January 24, @03:45PM (#1390193) Journal

    What? Salt Typhoon is our intelligence agencies' name for an apparent group of hackers. We chose to call them that, and it has no relationship to the name they operate under.

    • (Score: 2) by Deep Blue on Friday January 24, @07:15PM

      by Deep Blue (24802) on Friday January 24, @07:15PM (#1390224)

      Lighten up, the name is not important here, and i doubt you know the exact origin of the name anyway.

    • (Score: 2) by Username on Saturday January 25, @02:50PM

      by Username (4557) on Saturday January 25, @02:50PM (#1390335)

      Why would the deepstate give the hack such a cool meme name? I would have went with chinkfaggots or yellowpillowbiters.

  • (Score: 5, Informative) by DannyB on Friday January 24, @04:13PM (2 children)

    by DannyB (5839) on Friday January 24, @04:13PM (#1390202) Journal

    Just to point out a related news item . . .

    Trump Disbands Cybersecurity Board Investigating Massive Chinese Phone System Hack [techdirt.com]

    [....] the Trump administration has effectively kneecapped the investigation into one of the most serious cybersecurity breaches in US history — a genuine, proven threat to national security.

    [....] We’re still nowhere near understanding just how bad the Chinese hack of our phone system was. The incident that was only discovered last fall [techdirt.com] involved the Chinese hacking group Salt Typhoon [....]

    You don't need to see his identification.

    (We don't need to see his identification.)

    These aren't the hackers you're looking for.

    (These aren't the hackers we're looking for.)

    The Chinese can go about their business.

    (The Chinese can go about their business.)

    Move along.

    (Move along, move along!)

    --
    Some people need assistants to hire some assistance.
    Other people need assistance to hire some assistants.
    • (Score: 4, Interesting) by Mojibake Tengu on Friday January 24, @07:08PM

      by Mojibake Tengu (8598) on Friday January 24, @07:08PM (#1390223) Journal

      Trump is devotedly pro-Israel. Absolutely. That's already proved by his stance on Jerusalem, Golan Heights annexation or ordered assassination of a Persian general. And his family connectivity.
      By using the ancient Chinese deduction method from negative information (that's a logic method based on the absence of expected facts in a formal communication), when this Board was sacked, I immediately deduced where the so-called Salt Typhoon really comes from.

      I knew they were almost certainly not Chinese even long before. Because, every time I faced some Chinese name, there are 1000+ instances of persons or organizations with that name. That's because the set of auspicious names in Chinese is finite. But that did not happen with 鹽颱風, Yán Táifēng.
      I believe the Chinese themselves would consider such a name highly inauspicious, bringing bad luck. By superstition, no Jianghu warrior would adopt such a name. Well, maybe one carrying a deathwish... That indicates it was most probably fabricated by Barbarians.

      Just disbanding that Board was Trump's tactical mistake, which actually brought a lot of information to me. He should have delegated this cleanup action to someone else.
      Even ancient Romans often asked: Cui bono?

      --
      Rust programming language offends both my Intelligence and my Spirit.
    • (Score: 4, Insightful) by Thexalon on Friday January 24, @08:40PM

      by Thexalon (636) on Friday January 24, @08:40PM (#1390232)

      Trump's basic M.O. is: If it's not harming people he hates, making himself or his friends richer, bribing somebody he cares about into liking him, or indulging one of his vices, why bother doing it?

      --
      "Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin