Massive cyberattack on US providers: first intrusion a year earlier

In 2024, suspected Chinese attackers succeeded in launching a massive attack on US providers. However, malware was apparently installed much earlier.


Attackers suspected of belonging to the Chinese government broke into the systems of at least one US provider a year earlier than the extensive attack on network operators that became known in the fall. Bloomberg reports this, citing anonymous sources and a document that was sent to intelligence agencies months ago. According to the document, analysis of the massive cyberattack on several providers revealed malware that had been installed at one of them since 2023. Although it is not clear whether this attack is related to the later attack, the malware discovered is associated with the group that is said to be responsible for it.

As Bloomberg recalls, during the investigation into the major cyberattack it was repeatedly pointed out that the attack was carried out using a Windows kernel rootkit called Demodex. The rootkit is attributed to a group known as “Salt Typhoon”, “GhostEmperor” or “FamousSparrow”, which is said to be close to the Chinese government. At one of the providers, it was then discovered that this rootkit had been installed much earlier, as early as 2023. However, it is still not clear whether this is connected to the major attack. Bloomberg also did not find out which provider was affected. It is also not clear exactly what those responsible wanted in the systems.


The fact that attackers succeeded in compromising the networks of AT&T, Verizon, T-Mobile and other providers became known at the beginning of October. The group was apparently gathering information. It was the “largest telecommunications hack in US history – by far”, said the chairman of the Senate committee responsible for intelligence services back in November. An ongoing investigation into this was abruptly halted by the new US government under Donald Trump in January, when all members of various advisory bodies not appointed by the government were dismissed.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.