From China: Cyber attack on US provider "worst in US history"
Around two weeks ago, an espionage-related cyberattack on various providers was discovered in the USA. The attackers are still in the system.
The cyberattack from China on the networks of several major US network operators, discovered more than a month ago, is "the largest telecommunications hack in US history – by far". This is what Mark Warner (Democrat), the chairman of the Senate committee responsible for intelligence, has now told the Washington Post. The attack, attributed to a group called "Salt Typhoon", "GhostEmperor" or "FamousSparrow", makes the cyberattacks on Colonial Pipeline or SolarWinds look like child's play in comparison, the US senator added. He also explained that the attackers were still in the system.
Expulsion not so easy
The fact that attackers suspected of being in the service of the Chinese government succeeded in compromising the networks of AT&T, Verizon, T-Mobile and other providers became known at the beginning of October. The attack appears to be about information gathering, and even then it was clear that it could be a potentially catastrophic security breach. According to Warner, some of the intrusions took place more than a year ago. In order to kick the unknown attackers off the networks, "literally thousands and thousands of devices would have to be replaced," especially outdated switches and routers, the senator added.
According to the report, the unknown attackers were able to access and eavesdrop on phone calls in real time. They targeted the phones of the next US President Donald Trump and his Vice President J.D. Vance, among others, as well as those of employees of the current US Vice President Kamala Harris and the US State Department. However, there was probably no direct link to the US presidential election. So far, fewer than 150 people have been identified and informed as victims by the US Federal Bureau of Investigation, but they have contacted "millions" and the number could still "increase dramatically", says Warner.
During their attack, they also managed to gain access to the systems used by US law enforcement agencies for surveillance, the newspaper writes. This would have allowed them to find out who the US authorities are interested in. So far, however, there is no evidence that they have gained access to the recorded phone calls themselves. They were only able to eavesdrop on other conversations. They were also able to access other, more general Internet data. According to an entry in the Fraunhofer FKIE Malpedia database, a rootkit for Windows kernels called Demodex was used for the attack.
(mho)