The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) will launch an investigation into China-sponsored infiltrations of U.S. telecom networks and infrastructure that have come to light since the beginning of this month, DHS confirmed today.
CSRB – which was established in 2022 to investigate significant cyber incidents – will “initiate a review of this incident at the appropriate time,” a DHS spokesperson told MeriTalk.
As first reported earlier this month by the Wall Street Journal, Chinese government hackers may have penetrated AT&T, Verizon, and Lumen internal wiretapping systems – created for the benefit of U.S. law enforcement authorities – for multiple months or longer.
Targets of the hacking campaign have included data from phones used by former President Donald Trump and his running mate, Sen. JD Vance, R-Ohio, a report by the New York Times said on Friday.
Democratic officials were also hit by the same campaign, with staff of Senate Majority Leader Chuck Schumer, D-N.Y., and staff of Vice President Kamala Harris’s presidential campaign among those targeted, according to the Washington Post.
“After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims,” DHS, the FBI, and CISA said in a joint release on Friday.
“Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector,” the three agencies said.
Other Federal efforts to garner more information about the telco hacks include an Oct. 18 letter from House Homeland Security Committee Chair Mark Green, R-Tenn., and Cybersecurity and Infrastructure Protection Subcommittee Chair Andrew Garbarino, R-N.Y., requesting that the FBI and CISA update Congress on their findings by Nov. 1.
“This intrusion would significantly jeopardize Americans’ right to privacy and broader U.S. national security interests,” the congressmen wrote.
CSRB is a public-private initiative that brings together government and industry leaders to better understand significant cybersecurity events. The board investigates root causes, mitigations, and responses, and then issues recommendations based on its findings. CISA manages, supports, and funds the board.
The CSRB’s first review focused on vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. In its second review, the board examined the 2021-2022 attacks associated with Lapsus$, a global extortion-focused hacker group.
The CSRB’s third and most recent review analyzed the summer 2023 Microsoft Exchange Online intrusion, attributing the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company.
Rep. Ritchie Torres, D-N.Y., in July sent a letter to CISA Director Jen Easterly requesting that DHS, CISA, and CSRB conduct a joint investigation of the CrowdStrike outage that temporarily disabled millions of computers running Microsoft Windows software.