{
	"id": "4d4a1deb-9d74-461a-a779-96d9df2f620d",
	"created_at": "2026-04-06T00:07:52.029147Z",
	"updated_at": "2026-04-10T13:13:05.159849Z",
	"deleted_at": null,
	"sha1_hash": "4945a2c4a4563400b0e007b59001439154843989",
	"title": "White House links ninth telecom breach to Chinese hackers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3116274,
	"plain_text": "White House links ninth telecom breach to Chinese hackers\r\nBy Sergiu Gatlan\r\nPublished: 2024-12-27 · Archived: 2026-04-05 14:46:53 UTC\r\nA White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese\r\nhacking campaign that impacted dozens of countries.\r\nThe Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries,\r\nFamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies\r\nthroughout Southeast Asia and has been active since at least 2019.\r\nThe White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters\r\ntoday that this new victim was discovered after the Biden administration released guidance to help defenders spot Chinese\r\nhackers' activity in their networks.\r\nhttps://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we\r\nstill see companies not doing the basics,\" Neuberger said, according to Bloomberg. \"That's why we're looking forward and\r\nsaying 'Let's lock down this infrastructure.' And frankly, let's hold the Chinese accountable for this.\"\r\nNeuberger first told reporters during an early December press briefing that the Chinese hacking group had breached eight\r\nU.S. telecoms and carriers in dozens of other countries.\r\nThe White House official added that \"at this time, we don't believe any classified communications have been compromised,\"\r\nwhile a senior CISA official stated that they couldn't \"say with certainty that the adversary has been evicted.\"\r\nSince this wave of telecom breaches affecting dozens of countries has been disclosed, CISA has urged senior government\r\nofficials to switch to end-to-end encrypted messaging apps like Signal to communication interception risks and released\r\nguidance to help telecom admins and engineers harden their systems against Salt Typhoon attacks.\r\nEarlier this month, the New York Times reported that the Biden administration will ban China Telecom's last active U.S.\r\noperations in response to Chinese state hackers breaching multiple U.S. telecom carriers. The U.S. government is also\r\nconsidering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a\r\nnational security risk.\r\nIn addition, U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecoms, and\r\nFCC Chairwoman Jessica Rosenworcel said the agency would act \"urgently\" to ensure that U.S. carriers are required to\r\nsecure their infrastructure.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/\r\nPage 3 of 4\n\nSource: https://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/\r\nhttps://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/"
	],
	"report_names": [
		"white-house-links-ninth-telecom-breach-to-chinese-hackers"
	],
	"threat_actors": [
		{
			"id": "f67fb5b3-b0d4-484c-943e-ebf12251eff6",
			"created_at": "2022-10-25T16:07:23.605611Z",
			"updated_at": "2026-04-10T02:00:04.685162Z",
			"deleted_at": null,
			"main_name": "FamousSparrow",
			"aliases": [
				"Earth Estries"
			],
			"source_name": "ETDA:FamousSparrow",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a09ade2a-6b87-4f9a-b4f8-23cf14f63633",
			"created_at": "2023-11-04T02:00:07.676869Z",
			"updated_at": "2026-04-10T02:00:03.389898Z",
			"deleted_at": null,
			"main_name": "Earth Estries",
			"aliases": [],
			"source_name": "MISPGALAXY:Earth Estries",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434072,
	"ts_updated_at": 1775826785,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4945a2c4a4563400b0e007b59001439154843989.pdf",
		"text": "https://archive.orkl.eu/4945a2c4a4563400b0e007b59001439154843989.txt",
		"img": "https://archive.orkl.eu/4945a2c4a4563400b0e007b59001439154843989.jpg"
	}
}