"Gift" to China: investigation into massive cyber attack in the USA halted

A massive cyber attack on providers has been keeping the USA busy for months. An investigation by an advisory body has now apparently been abruptly halted.

(Image: muhammadtoqeer/Shutterstock.com)

Jan 23, 2025 at 3:25 pm CET

3 min. read

By

Martin Holland

The new US government has dismissed all members of various advisory bodies not appointed by the government, bringing an investigation into the devastating cyberattack on US providers to an abrupt halt. This was reported by the news agency Reuters. According to people in the know, the investigation into the attack by the Cyber Safety Review Board has been “killed”, quotes journalist Eric Geller. Senator Ron Wyden (Democrat) speaks of a “massive gift to the Chinese spies who also targeted Donald Trump and JD Vance.”

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Inhalt geladen.

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

DHS has terminated the memberships of everyone on its advisory committees. This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon. That review is "dead," person familiar says. www.documentcloud.org/documents/25...

[image or embed]

— Eric Geller (@ericjgeller.com) 21. Januar 2025 um 21:43

Help from the private sector

The Cyber Safety Review Board (CSRB) has been existing since 2022 and is staffed by the cybersecurity agency CISA. Government institutions such as the NSA intelligence agency and the Ministry of Justice were actually represented on the board, as well as private sector players such as Google and cybersecurity companies. The assembled expertise is intended to investigate particularly serious cybersecurity incidents. There were reports on the Log4Shell vulnerability and the attack on Microsoft Exchange in the summer of 2023, for example. Most recently, the committee dealt with the attack on US providers that was allegedly carried out from China.

Videos by heise

At the beginning of October, it became known that attackers suspected of being in the service of the Chinese government had succeeded in compromising the networks of AT&T, Verizon, T-Mobile and other providers. The group called “Salt Typhoon”, “GhostEmperor” or “FamousSparrow” was apparently involved in gathering information. It was the” largest telecommunications hack in US history – by far”, the chairman of the Senate committee responsible for intelligence services said back in November. According to Geller, the CSRB's analysis was less than half finished. The dismissal was justified on the grounds of “misuse of resources”.

As Reuters explains, the CSRB is just one of several advisory bodies assigned to the Department of Homeland Security (DHS). They provide support in areas such as civil protection, AI, and technology. With the dismissal of all delegates who are not from a government agency, the CSRB and the others do not necessarily have to cease their work. But their ability to function is significantly restricted. According to the DHS, those dismissed can reapply, but that may be too late for the ongoing work. The CSRB's investigation into the “Salt Typhoon” cyberattack is effectively over, Reuters writes.