White House links ninth telecom breach to Chinese hackers
A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.
The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies throughout Southeast Asia and has been active since at least 2019.
The White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters today that this new victim was discovered after the Biden administration released guidance to help defenders spot Chinese hackers' activity in their networks.
"The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we still see companies not doing the basics," Neuberger said, according to Bloomberg. "That's why we're looking forward and saying 'Let's lock down this infrastructure.' And frankly, let's hold the Chinese accountable for this."
Neuberger first told reporters during an early December press briefing that the Chinese hacking group had breached eight U.S. telecoms and carriers in dozens of other countries.
The White House official added that "at this time, we don't believe any classified communications have been compromised," while a senior CISA official stated that they couldn't "say with certainty that the adversary has been evicted."
Since this wave of telecom breaches affecting dozens of countries has been disclosed, CISA has urged senior government officials to switch to end-to-end encrypted messaging apps like Signal to communication interception risks and released guidance to help telecom admins and engineers harden their systems against Salt Typhoon attacks.
Earlier this month, the New York Times reported that the Biden administration will ban China Telecom's last active U.S. operations in response to Chinese state hackers breaching multiple U.S. telecom carriers. The U.S. government is also considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk.
In addition, U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecoms, and FCC Chairwoman Jessica Rosenworcel said the agency would act "urgently" to ensure that U.S. carriers are required to secure their infrastructure.
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumHTTP Only Site
MediumRelative Path Confusion
InformationalGET for POST
HighPath Traversal
InformationalSec-Fetch-Site Header Has an Invalid Value
InformationalRetrieved from Cache
Free online web security scanner