{
	"id": "6b1f6b94-4d24-4300-baf1-99b24d5d0777",
	"created_at": "2026-04-06T00:16:52.952482Z",
	"updated_at": "2026-04-10T03:34:28.25006Z",
	"deleted_at": null,
	"sha1_hash": "8ece4811f72afc68e4a1a19f07efa8c4bd1f75a4",
	"title": "Chinese hackers also breached Charter and Windstream networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1737959,
	"plain_text": "Chinese hackers also breached Charter and Windstream networks\r\nBy Sergiu Gatlan\r\nPublished: 2025-01-06 · Archived: 2026-04-05 16:34:56 UTC\r\nMore U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese\r\nstate-backed threat group tracked as Salt Typhoon.\r\nThis comes after AT\u0026T, Verizon, and Lumen confirmed on December 30 that they have evicted the hackers from their\r\nnetworks. After breaching their networks, the Salt Typhoon hackers gained access to targeted individuals' text messages,\r\nvoicemails, and phone calls, as well as wiretap information of those investigated by U.S. law enforcement.\r\nT-Mobile also disclosed in November that unknown attackers compromised some of its routers in a network reconnaissance\r\nattempt after connecting from a linked wireline provider's network. However, the company's Chief Security Officer, Jeff\r\nSimon, didn't link the hack to Salt Typhoon and said the carrier's cyber defenses stopped the attack.\r\nOver the weekend, sources familiar with the matter told the Wall Street Journal that the Chinese hackers have also breached\r\nthe systems of Charter Communications, Consolidated Communications, and Windstream.\r\nWhen BleepingComputer reached out earlier today to ask for confirmation, Windstream, Charter, and Consolidated\r\nCommunications declined to comment.\r\nWhile Anne Neuberger, the White House's deputy national security adviser for cyber and emerging technologies, told\r\nreporters on December 27 that the Chinese hackers breached nine U.S. telecoms, it's unknown whether these three carriers\r\nare among them or add to the list. 
Neuberger also said in an early December press briefing that Salt Typhoon had breached\r\ntelecom companies in dozens of other countries.\r\nFollowing this wave of telecom breaches that have impacted numerous countries, CISA has advised senior government\r\nofficials to switch to end-to-end encrypted messaging apps like Signal to mitigate communication interception risks.\r\nAdditionally, the cybersecurity agency has released guidance to assist telecom administrators and engineers in strengthening\r\ntheir systems against Salt Typhoon attacks.\r\nU.S. Senator Ron Wyden of Oregon also announced a new bill to secure the infrastructure of American telecoms, while FCC\r\nChairwoman Jessica Rosenworcel said the agency would act \"urgently\" to ensure that U.S. carriers are required to secure\r\ntheir networks against cyberattacks.\r\nIn response to these telecom hacks, the U.S. government reportedly plans to ban China Telecom's last active operations in\r\nthe United States. Additionally, U.S. authorities are considering banning TP-Link routers if ongoing investigations reveal\r\nthat their use in cyberattacks poses a national security risk.\r\nThe Treasury Department also linked Chinese-sponsored hackers last week to a recent breach of the agency's Office of\r\nForeign Assets Control (OFAC), which administers trade and economic sanctions programs, in what it described as a \"major\r\ncybersecurity incident.\"\r\nSource: https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/"
	],
	"report_names": [
		"charter-and-windstream-among-nine-us-telecoms-hacked-by-china"
	],
	"threat_actors": [
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434612,
	"ts_updated_at": 1775792068,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8ece4811f72afc68e4a1a19f07efa8c4bd1f75a4.pdf",
		"text": "https://archive.orkl.eu/8ece4811f72afc68e4a1a19f07efa8c4bd1f75a4.txt",
		"img": "https://archive.orkl.eu/8ece4811f72afc68e4a1a19f07efa8c4bd1f75a4.jpg"
	}
}