What you need to know about a series of US hacking attacks blamed on China
US officials say hackers linked to the Chinese government are responsible for breaching the security of major telecommunications companies and US agencies.
The latest hack, announced on Monday, targeted the US Treasury Department, which called the infiltration a “major incident”.
Officials said the hackers were able to access employee workstations and some unclassified documents. China denies involvement.
It is the latest in a series of cyberattacks that have emerged in recent months against US and other Western targets.
What was hacked?
The hacking of the Treasury Department followed news in late October that two major US presidential campaigns had been targeted.
The FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) said the hack targeting the White House campaigns was carried out by “actors associated with the People’s Republic of China.”
In September, reports surfaced of an operation that managed to breach security at top telecommunications companies.
The White House recently said at least nine companies were hacked, including telecom giants AT&T and Verizon.
And earlier in the year, in March, seven Chinese nationals were charged with running a hacking operation that lasted at least 14 years and targeted foreign critics of China, businesses and politicians.
Operations linked to China by Western governments also targeted the UK Electoral Commission and the parliaments of the UK and New Zealand.
Who are the hackers?
While full details have yet to be revealed, the hacks appear to be the work of several different units – each, US authorities say, linked to the Chinese state.
Hacker groups are given nicknames by security companies. For example, the group behind telecommunications hacking is most commonly known as Salt Typhoon, a name given to it by researchers at Microsoft. Other companies named it Famous Sparrow, Ghost Emperor and Earth Estrie.
Salt Typhoon is believed to be behind the telecommunications hack. A separate group, nicknamed Volt Typhoon, is accused of breaking into critical infrastructure organizations for potential jamming attacks.
The seven Chinese nationals accused of hacking have been linked by US Justice Department officials to an operation known as Zirconium or Judgment Panda.
The UK’s National Cyber Security Center says the same operation targeted British parliamentarians’ emails in 2021.
What was collected during the hack?
The latest hacks appear to have targeted powerful individuals and to have been aimed at collecting data that could benefit the Chinese government.
Among others, they targeted the phones of President-elect Donald Trump, Vice President-elect JD Vance, and people working for Vice President Kamala Harris’ campaign.
The hackers also accessed a database of phone numbers subject to wiretapping by law enforcement — knowledge that experts say could be used to reveal which foreign spies are under surveillance.
And millions of Americans may have had their data breached by attacks on telecommunications companies.
Richard Forno, associate director of the University of Maryland, Baltimore County Cybersecurity Institute, said China’s efforts are aimed at different targets.
“It’s more of a generic information gathering, to see what we can get into and see what we can find,” he said.
How worried are US officials?
US lawmakers from both parties have expressed concern about the hacking.
Senator Mark Warner, a Democrat, called Salt Typhoon’s activities “the worst telecommunications hack in our nation’s history.”
Brendan Carr, Trump’s pick to chair the Federal Communications Commission, said the intelligence briefing on the hacking was “deeply, deeply troubling.”
“The information I heard made me actually smash my phone at the end,” he told CNBC.
FBI Director Christopher Wray recently said that Salt Typhoon’s hacking of telecommunications companies was “the most significant cyberespionage campaign in Chinese history.”
He has previously said that China’s hacking program is larger “than [that of] every other great nation combined”.
How did the Western Allies respond?
Along with charges against seven Chinese nationals, earlier this month US authorities warned China Telecom Americas, the US subsidiary of one of China’s largest telecommunications companies, that it was a national security threat.
The company has 30 days to respond and could eventually face a ban.
In May, the UK sanctioned two individuals and Wuhan Xiaoruizhi Science and Technology Company Ltd, which was said to be related to Judgment Panda.
Trump’s incoming national security adviser, Mike Waltz, said foreign hackers must face “higher costs and consequences.”
Mr. Forno of the UMBC Cybersecurity Institute said the hacks were likely years in the making.
“China has traditionally taken a very long and strategic view of how it conducts its espionage and intelligence operations,” he said. “The US tends to be much more reactive and much more interested in immediate and visible results.”
What did China say?
Chinese Foreign Ministry spokeswoman Mao Ning told a press briefing that the allegations were “baseless” and that “evidence is lacking.”
“China consistently opposes all forms of hacking and resolutely rejects the spread of false information targeting China for political purposes,” Mao said.
A Chinese embassy spokesman said in a statement: “The US should stop using cyber security to slander and defame China and stop spreading all kinds of misinformation about so-called Chinese hacking threats.”