The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
The attack and its significance were discovered in recent weeks and remain under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it, the people said.
The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said.
A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome.
Senior U.S. officials have for years warned about the economic and national security implications of China’s multipronged spying operations, which can take the form of human espionage, business investments and high-powered hacking operations.
More recently, officials have been alarmed by alleged efforts by Chinese intelligence officers to burrow into vulnerable U.S. critical infrastructure networks, such as water-treatment facilities, power stations and airports. They say the efforts appear to be an attempt by hackers to position themselves in such a way that they could activate disruptive cyberattacks in the event of a major conflict with the U.S.
The Salt Typhoon campaign adds another piece to the puzzle.
Investigators are still probing the origins of the Salt Typhoon attack and are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, The Wall Street Journal previously reported. A Cisco spokeswoman said earlier that the company is looking into the matter but has received no indication that Cisco routers were involved. The spokeswoman didn’t immediately respond to a request for comment Friday.
China has routinely denied allegations from Western governments and technology companies that it relies on hackers to break into foreign government and business computer networks.
In a statement, Liu Pengyu, a spokesman at the Chinese Embassy in Washington, said: “China firmly opposes and combats cyberattacks and cyber theft in all forms.”
Microsoft, along with other cybersecurity companies, is investigating the new Salt Typhoon intrusion and what sensitive information might have been accessed. Microsoft helps companies respond to cyber intrusions using data from its vast, globe-spanning network of hardware and software and has assigned some China-linked campaigns the Typhoon moniker.