Chinese government-backed hackers carried out a large-scale cyber-espionage campaign, breaking into multiple telecom companies, according to a statement from U.S. officials on Wednesday. They confirmed additional details about these cyberattacks, which have serious national security impacts.

According to officials, the hackers gained access to the networks of several telecom providers in order to acquire call logs from customers and compromise the communications of a "limited number" of political and governmental figures. The attackers also duplicated certain data that was at the centre of demands from US law enforcement as a result of court orders, said the officials. The officials stated that as the inquiry progresses, "we expect our understanding of these compromises to grow." The impacted telecom firms were not named in the announcement. 

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are helping with the investigation and assisting any potential victims, according to U.S. authorities. A spokesperson for the Chinese Embassy in Washington has not yet responded to a request for comment. In early October, the Wall Street Journal reported that hackers had breached AT&T Inc. and Verizon Communications Inc. This breach might have allowed them to access systems used by the federal government to manage court-approved wiretapping requests. 

U.S. intelligence officials believe a Chinese hacking group, known as Salt Typhoon by Microsoft Corp., may have been within U.S. telecommunications companies' networks for several months. They potentially discovered a way into a secure access point used for authorised wiretaps, according to a source familiar with these findings. According to the New York Times, the hackers are said to have targeted the phones of a variety of individuals, including members of Vice President Kamala Harris' campaign staff, former President Donald Trump, running partner JD Vance, and Trump family members.  

A person familiar with the situation said that US investigators are still working to fully understand the attacks and don’t have all the details yet. It will take time to figure out how many people were affected and to be sure that the US has uncovered all important information. The investigation is still ongoing, and the picture is still being developed. Another individual with knowledge of the situation said that US officials have informed dozens of entities, including telecom firms, that they were the target of the Salt Typhoon intrusions.  

Smaller regional internet service providers, in addition to large telecommunications companies, have also been affected by the breach, according to someone familiar with the situation. It’s possible that Salt Typhoon is accessing audio through the wiretap system by selecting which phone numbers to monitor, bypassing security measures, the person added. Last week, US intelligence agencies briefed Congressional staffers on the Salt Typhoon breach, as confirmed by an aide. These briefings were previously reported by CyberScoop. “This is as concerning to me as anything I’ve seen since coming here,” Senator Ron Wyden, Democrat of Oregon, said.

According to a State Department official, the interagency process alerted them of the Salt Typhoon attacks, which they had been aware of for weeks. The fact that the hacks are taking place on US soil and in an area where US officials believed they had protected telecommunications from enemies is worrisome, the official said, adding that the hacks appear to be frightening due to their wide-ranging nature and potential to affect numerous industries.