Americans urged to use encrypted messaging after large, ongoing cyberattack

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with.

Speaking to Reuters, a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing.

The state-sponsored actor behind the attack is an Advanced Persistent Threat (APT) group known as Salt Typhoon, believed to be tied to the People’s Republic of China (PRC).

Sophisticated state-sponsored campaigns from China are constantly targeting network appliances and devices. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. By abusing their components that make up part of the infrastructure, the Chinese are said to have been able to eavesdrop on political and industrial leaders in multiple countries.

Speaking to Reuters, the official said they believed a “large number” of American’s metadata was taken. When asked if that might include every Americans’ phone records, they said:

“We do not believe it’s every cell phone in the country, but we believe it’s potentially a large number of individuals that the Chinese government was focused on.”

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have been investigating the incident since late spring, but admitted that there are still many unanswered questions, including the extent of the breach itself.

They have been working with the telecom companies to remove the intruders, but the companies have not been able to fully remove the hackers from their systems.

Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies stated the “Chinese access was broad in terms of potential access to communications of everyday Americans” but she said the hackers only targeted prominent individuals.

According to NBC news, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at CISA– both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

If you plan to follow that advice, but are new to encrypted messaging, make sure to use an app that offers E2EE (End-to-end encryption). What that means is only the person sending it and the person receiving it can read it.

To achieve this, a message gets encrypted on your device before it is sent out. During transit the message remains encrypted the entire time it is moving across the internet.  Only when the message reaches the recipient’s device can it be decrypted and read.

You don’t need an expensive app to achieve this. Several popular messaging apps and services support end-to-end encryption, such as WhatsApp, Signal, iMessage, Wire, and Telegram.

The FBI official added:

“People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.”

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

https://blog.malwarebytes.com/feed/

Leave a Reply