AT&T and Verizon say networks secure after Salt Typhoon breach

AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks.

"We have not detected threat actor activity in Verizon's network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident," Verizon's Chief Legal Officer told Reuters.

AT&T also issued a statement saying it cooperates with law enforcement and works with other telecommunication companies to investigate the incident. It also added that it detected a limited number of cases in which the attackers attempted to collect foreign intelligence information and in which the breach impacted customers' data.

"We detect no activity by nation-state actors in our networks at this time. Based on our current investigation of this attack, the People's Republic of China targeted a small number of individuals of foreign intelligence interest," an AT&T spokesperson said.

T-Mobile also disclosed in November that the Chinese "Salt Typhoon" hackers breached some of its routers to find ways to move laterally through its network. However, the company's Chief Security Officer, Jeff Simon, added that the carrier's cyber defenses stopped the attack originating from a connected wireline provider's network.

"Bad actors had no access to sensitive customer data (including calls, voicemails, or texts). We quickly severed connectivity to the provider's network as we believe it was – and may still be – compromised," Simon said.

The White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters on Friday that the Chinese hacking campaign impacted nine U.S. telecommunications companies. Earlier this month, Neuberger also revealed in a press briefing that the Chinese hackers had breached carriers in dozens of other countries.

The U.S. government reportedly plans to ban China Telecom's last active U.S. operations in response to the telecom hacks and is also considering banning TP-Link routers if ongoing investigations find that their use in cyberattacks is a national security risk.

In addition, FCC Chairwoman Jessica Rosenworcel said the agency would act "urgently" to ensure that U.S. carriers are required to secure their infrastructure. U.S. Senator Ron Wyden of Oregon also announced a new bill to secure the networks of American telecoms.

The Salt Typhoon Chinese cyber-espionage group (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) behind this hacking campaign has been active since at least 2019 and is known for breaching telecom companies and government entities throughout Southeast Asia.