The article starts:
The purpose of the attack appears to be for intelligence collection as the hackers might have had access to systems used by the U.S. federal government for court-authorized network wiretapping requests.
It is unclear when the intrusion occurred, but WSJ cites people familiar with the matter, saying that “for months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data.”
The group’s name is “Salt Typhoon” which seems to only go after governmental stuff and is only out to cause havoc.
If they had something that could let them know that they were infiltrated, like a honeypot, than they wouldn’t have this problem.
There was an advertiser on TWIT that companies like these two carriers mentioned could use that would send an alert of some sort if someone unauthorized accessed things.
Salt Typhoon has been active since at least 2019 and is considered a sophisticated hacking group focusing on government entities and telecommunications companies typically in the Southeast Asia region
.
In previous attacks attributed to Salt Typhoon/Ghost Emperor, the threat actor used a custom backdoor called SparrowDoor, customized versions of the Mimikatz tool for extracting authentication data, and a Windows kernel-mode rootkit Demodex.
Chinese APT hacking groups have been increasingly targeting U.S. and European networking devices and ISPs in cyberespionage attacks.
The companies have not responded to comment from Bleeping Computer.
Read more by reading the article AT&T, Verizon reportedly hacked to target US govt wiretapping platform and be aware.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.