{
	"id": "5cfafaf3-5202-4e71-b17f-41ae1f904426",
	"created_at": "2026-04-06T01:31:54.070663Z",
	"updated_at": "2026-04-10T03:34:28.199878Z",
	"deleted_at": null,
	"sha1_hash": "d7f846d54ab86dc055d8c14876ecf78b44033f75",
	"title": "Chinese hackers gained access to huge trove of Americans’ cell records",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31277,
	"plain_text": "Chinese hackers gained access to huge trove of Americans’ cell\r\nrecords\r\nBy John Sakellariadis\r\nPublished: 2024-11-06 · Archived: 2026-04-06 00:59:20 UTC\r\nThe Biden administration has not yet said it has been able to evict the Chinese from phone companies’ networks.\r\nThe National Security Council did not respond to a request for comment.\r\nThe leak of Call Detail Records would constitute a significant national security risk, potentially allowing Beijing\r\nto identify American spies, glean intimate details on the lives of U.S. political or business figures, or trace the\r\nmovements of American troops and law enforcement personnel.\r\nThe latter risk, in particular, has worried government investigators.\r\n5G infrastructure is more densely distributed than traditional cell towers. That means providers now retain data\r\nthat can in some cases pinpoint a phone to within a few meters of the owner’s location — which is far more\r\nprecise than what was possible in the past. “That’s hugely important for Chinese intelligence,” said the first\r\nperson.\r\nIt is not clear if the Chinese accessed the logs at one telecommunications provider or several, for how long, and\r\nwhether they still retain access to it. The Wall Street Journal reported Tuesday that Salt Typhoon embedded itself\r\ninside some providers at least eight months ago.\r\nThose types of basic questions have proved exceptionally difficult to answer, and the uncertainty surrounding\r\nthem is emblematic of what some believe is the bigger problem in the breaches: spotting an elusive Chinese\r\nhacking crew — and kicking them out.\r\nSalt Typhoon has embedded itself inside often-aging networking equipment, including routers and switches, that\r\ndo not run the Windows operating system and are hard for digital forensics experts to probe, the second person\r\nsaid. 
The enormous size and complexity of the phone providers’ networks have exacerbated the work of spotting\r\nthe Chinese, both people added.\r\n“It’s not a traditional compromise, it’s all this niche networking stuff,” the second person said. “It is hard to figure\r\nout how they landed there.”\r\nSource: https://www.politico.com/news/2024/11/06/chinese-hackers-american-cell-phones-00187873",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.politico.com/news/2024/11/06/chinese-hackers-american-cell-phones-00187873"
	],
	"report_names": [
		"chinese-hackers-american-cell-phones-00187873"
	],
	"threat_actors": [
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775439114,
	"ts_updated_at": 1775792068,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d7f846d54ab86dc055d8c14876ecf78b44033f75.pdf",
		"text": "https://archive.orkl.eu/d7f846d54ab86dc055d8c14876ecf78b44033f75.txt",
		"img": "https://archive.orkl.eu/d7f846d54ab86dc055d8c14876ecf78b44033f75.jpg"
	}
}