{ "id": "197bf989-9160-4f70-980f-6af0b4d79760", "created_at": "2026-04-06T01:31:00.741809Z", "updated_at": "2026-04-10T13:12:35.656013Z", "deleted_at": null, "sha1_hash": "949e148398766fcf0c4b9ac2a83c58a3dd2f30f5", "title": "US agencies confirm Beijing-linked telecom breach involving call records of politicians, wiretaps", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 76052, "plain_text": "US agencies confirm Beijing-linked telecom breach involving call\r\nrecords of politicians, wiretaps\r\nBy Jonathan Greig\r\nPublished: 2024-11-14 · Archived: 2026-04-06 00:26:24 UTC\r\nU.S. law enforcement agencies confirmed on Wednesday previous reports that hackers connected to the People's\r\nRepublic of China (PRC) breached the systems of commercial telecommunications infrastructure in order to steal\r\nthe call record data of prominent politicians. \r\nThe FBI and Cybersecurity and Infrastructure Security Agency (CISA) said in a statement that an investigation\r\nthat began in late October has revealed a “broad and significant cyber espionage campaign.”\r\n“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple\r\ntelecommunications companies to enable the theft of customer call records data, the compromise of private\r\ncommunications of a limited number of individuals who are primarily involved in government or political activity,\r\nand the copying of certain information that was subject to U.S. law enforcement requests pursuant to court\r\norders,” the agencies said.\r\nThe Wall Street Journal and New York Times reported weeks ago that a Chinese government group called Salt\r\nTyphoon breached systems at AT\u0026T, Verizon and Lumen — specifically targeting the systems U.S. law\r\nenforcement agencies use for wiretaps. \r\nThe news outlets reported that Salt Typhoon used their access to telecommunications giants like Verizon to target\r\ndata from phones used by President-elect Donald Trump, Vice President-elect JD Vance and staff members of Vice\r\nPresident Kamala Harris. \r\nPolitico first reported that Salt Typhoon hackers gained access to Call Detail Records — which provide granular\r\ndata on who a person spoke to, when, for how long, and where they were when they took the call. \r\nThe Wednesday statement says the FBI and CISA expect their understanding of the campaign “to grow as the\r\ninvestigation continues.” \r\n“FBI and CISA continue to render technical assistance, rapidly share information to assist other potential victims,\r\nand work to strengthen cyber defenses across the commercial communications sector,” the agencies said. “We\r\nencourage any organization that believes it might be a victim to engage its local FBI Field Office or CISA.\"\r\nIn addition to Trump, Vance and Harris, law enforcement agencies told outlets that other high-ranking officials\r\nfrom both political parties were targeted as part of the campaign. The Wall Street Journal reported that beyond\r\nAT\u0026T, Verizon and Lumen, several other telecoms were targeted. \r\nIn the letter to FCC Chair Jessica Rosenworcel and DOJ Attorney General Merrick Garland, U.S. Senator Ron\r\nWyden, (D-Ore) wrote that the incident should “serve as a major wake-up call to the government.” \r\nhttps://therecord.media/us-agencies-confirm-china-telecom-hack-wiretaps\r\nPage 1 of 3\n\n“The outdated regulatory framework and DOJ’s failed approach to combating cyberattacks by protecting negligent\r\ncorporations must be addressed,” he said. “The security of our nation's communications infrastructure is\r\nparamount, and the government must act now to rectify these longstanding vulnerabilities.”\r\nRetired Gen. Paul Nakasone recently spoke to the Click Here podcast and explained that the Salt Typhoon\r\ncampaign was a far different effort than Volt Typhoon — where Chinese hackers placed themselves on critical\r\ninfrastructure in ways that could cause destructive actions.\r\nNakasone, the former head of U.S. Cyber Command and the National Security Agency, said the Salt Typhoon\r\neffort resembled previous Chinese hacking efforts like the 2015 Office of Personnel Management hack and\r\nwarned that U.S. officials need to be much more sophisticated in the way that they communicate. \r\n“[Salt Typhoon’s hack] is about scope and scale. This is intelligence gathering. This is not what we saw with Volt\r\nTyphoon, which was clearly designed to create some type of outcome in a crisis or conflict. This is to gather\r\nintelligence. Should we be surprised? That unencrypted communications are being intercepted by an adversary?\r\nNo, we shouldn't. Uh, but the scale of it is what is concerning,” he said. \r\n“The scale of being in American telecommunications companies. So this portends, what are we going to do now\r\nthat we've discovered them? And this is really the next step that our government, the private sector, needs to come\r\ntogether to be able to act on.”\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/us-agencies-confirm-china-telecom-hack-wiretaps\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/us-agencies-confirm-china-telecom-hack-wiretaps\r\nhttps://therecord.media/us-agencies-confirm-china-telecom-hack-wiretaps\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://therecord.media/us-agencies-confirm-china-telecom-hack-wiretaps" ], "report_names": [ "us-agencies-confirm-china-telecom-hack-wiretaps" ], "threat_actors": [ { "id": "846522d7-29cb-4a0c-8ebe-ffba7429e2d7", "created_at": "2023-06-23T02:04:34.793629Z", "updated_at": "2026-04-10T02:00:04.971054Z", "deleted_at": null, "main_name": "Volt Typhoon", "aliases": [ "Bronze Silhouette", "Dev-0391", "Insidious Taurus", "Redfly", "Storm-0391", "UAT-5918", "UAT-7237", "UNC3236", "VOLTZITE", "Vanguard Panda" ], "source_name": "ETDA:Volt Typhoon", "tools": [ "FRP", "Fast Reverse Proxy", "Impacket", "LOLBAS", "LOLBins", "Living off the Land" ], "source_id": "ETDA", "reports": null }, { "id": "f0eca237-f191-448f-87d1-5d6b3651cbff", "created_at": "2024-02-06T02:00:04.140087Z", "updated_at": "2026-04-10T02:00:03.577326Z", "deleted_at": null, "main_name": "GhostEmperor", "aliases": [ "OPERATOR PANDA", "FamousSparrow", "UNC2286", "Salt Typhoon", "RedMike" ], "source_name": "MISPGALAXY:GhostEmperor", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff", "created_at": "2024-12-28T02:01:54.899899Z", "updated_at": "2026-04-10T02:00:04.880446Z", "deleted_at": null, "main_name": "Salt Typhoon", "aliases": [ "Earth Estries", "FamousSparrow", "GhostEmperor", "Operator Panda", "RedMike", "Salt Typhoon", "UNC2286" ], "source_name": "ETDA:Salt Typhoon", "tools": [ "Agentemis", "Backdr-NQ", "Cobalt Strike", "CobaltStrike", "Crowdoor", "Cryptmerlin", "Deed RAT", "Demodex", "FamousSparrow", "FuxosDoor", "GHOSTSPIDER", "HemiGate", "MASOL RAT", "Mimikatz", "NBTscan", "NinjaCopy", "ProcDump", "PsExec", "PsList", "SnappyBee", "SparrowDoor", "TrillClient", "WinRAR", "Zingdoor", "certutil", "certutil.exe", "cobeacon", "nbtscan" ], "source_id": "ETDA", "reports": null }, { "id": "a88747e2-ffed-45d8-b847-8464361b2254", "created_at": "2023-11-01T02:01:06.605663Z", "updated_at": "2026-04-10T02:00:05.289908Z", "deleted_at": null, "main_name": "Volt Typhoon", "aliases": [ "Volt Typhoon", "BRONZE SILHOUETTE", "Vanguard Panda", "DEV-0391", "UNC3236", "Voltzite", "Insidious Taurus" ], "source_name": "MITRE:Volt Typhoon", "tools": [ "netsh", "PsExec", "ipconfig", "Wevtutil", "VersaMem", "Tasklist", "Mimikatz", "Impacket", "Systeminfo", "netstat", "Nltest", "certutil", "FRP", "cmd" ], "source_id": "MITRE", "reports": null }, { "id": "49b3063e-a96c-4a43-b28b-1c380ae6a64b", "created_at": "2025-08-07T02:03:24.661509Z", "updated_at": "2026-04-10T02:00:03.644548Z", "deleted_at": null, "main_name": "BRONZE SILHOUETTE", "aliases": [ "Dev-0391 ", "Insidious Taurus ", "UNC3236 ", "Vanguard Panda ", "Volt Typhoon ", "Voltzite " ], "source_name": "Secureworks:BRONZE SILHOUETTE", "tools": [ "Living-off-the-land binaries", "Web shells" ], "source_id": "Secureworks", "reports": null }, { "id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff", "created_at": "2025-04-23T02:00:55.190165Z", "updated_at": "2026-04-10T02:00:05.361244Z", "deleted_at": null, "main_name": "Salt Typhoon", "aliases": [ "Salt Typhoon" ], "source_name": "MITRE:Salt Typhoon", "tools": [ "JumbledPath" ], "source_id": "MITRE", "reports": null }, { "id": "6477a057-a76b-4b60-9135-b21ee075ca40", "created_at": "2025-11-01T02:04:53.060656Z", "updated_at": "2026-04-10T02:00:03.845594Z", "deleted_at": null, "main_name": "BRONZE TIGER", "aliases": [ "Earth Estries ", "Famous Sparrow ", "Ghost Emperor ", "RedMike ", "Salt Typhoon " ], "source_name": "Secureworks:BRONZE TIGER", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "4ed2b20c-7523-4852-833b-cebee8029f55", "created_at": "2023-05-26T02:02:03.524749Z", "updated_at": "2026-04-10T02:00:03.366175Z", "deleted_at": null, "main_name": "Volt Typhoon", "aliases": [ "BRONZE SILHOUETTE", "VANGUARD PANDA", "UNC3236", "Insidious Taurus", "VOLTZITE", "Dev-0391", "Storm-0391" ], "source_name": "MISPGALAXY:Volt Typhoon", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775439060, "ts_updated_at": 1775826755, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/949e148398766fcf0c4b9ac2a83c58a3dd2f30f5.pdf", "text": "https://archive.orkl.eu/949e148398766fcf0c4b9ac2a83c58a3dd2f30f5.txt", "img": "https://archive.orkl.eu/949e148398766fcf0c4b9ac2a83c58a3dd2f30f5.jpg" } }