Telecom giants AT&T and Verizon have confirmed that they have secured their networks after being targeted by the China-linked Salt Typhoon cyberespionage group.
In a statement to TechCrunch on Monday, AT&T spokesperson Alexander Byers stated that there is currently “no activity by nation-state actors in our networks.” Meanwhile, Verizon spokesperson Richard Young mentioned in an emailed statement on Sunday that the company has “contained the cyber incident caused by this nation-state threat actor” and has not detected any threat actor activity on its network “for some time.”
Verizon said its containment of the incident was confirmed by a “highly respected cybersecurity firm,” though Young declined to name the third-party organization.
The extent of Salt Typhoon’s breaches remains unclear. AT&T noted that China-backed hackers targeted “a small number of individuals of foreign intelligence interest,” and said it was aware of “relatively few instances” where personal information was compromised. Verizon reported that the hackers specifically focused on “a small number of high-profile government customers.”
“Upon learning of this incident, Verizon took several key steps to protect its customers and network, including collaborating with federal law enforcement, national security agencies, industry partners, and private cybersecurity firms,” Vandana Venkatesh, Verizon’s chief general officer, stated. “After considerable efforts addressing this incident, we can confirm that Verizon has contained the activities linked to this incident.”
This marks AT&T and Verizon’s first public acknowledgment of being impacted by the Salt Typhoon campaign. Reports first surfaced in October about hackers breaching the networks of major U.S. phone and internet providers to gather intelligence on U.S. citizens.
U.S. officials revealed earlier this month that at least eight telecom providers had been targeted, including Lumen (formerly CenturyLink) and T-Mobile. On Friday, Anne Neuberger, deputy national security adviser for cyber and emerging technology, mentioned a ninth victim had been identified, though the newly identified victim was not named, Reuters reported.
Neuberger noted that the breach at one of the telecoms involved an administrator account with access to over 100,000 routers.