A Chinese hacking campaign that has spied on the texts and calls of U.S. citizens by hacking telecommunications companies is significantly larger than previously known to the public, a top White House official said Wednesday.
At least eight American telecommunications companies have been compromised, Anne Neuberger, a deputy national security adviser for cyber and emerging technology at the National Security Council, said in a press call Wednesday. U.S. officials had named three of the companies to NBC News: AT&T, Verizon and Lumen Technologies. The names of the other five companies are not known.
Neuberger said that “dozens of countries around the world” had been affected, and another official on the call said that hackers had accessed a large number of Americans’ phone data, though not everyone in the country, as part of an effort to identify people who could be likely targets for more invasive spying.
Advanced hacking teams can be persistent and lurk in remote corners of vast computer networks. The U.S. does not believe any of the U.S. telecoms have fully booted the hackers, Neuberger said.
“There is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps. The Chinese are likely to maintain their access,” she said.
China frequently denies responsibility when accused of using its vast cyberespionage teams to hack into Western targets. In an emailed statement, a spokesperson for China’s embassy in Washington said, “China firmly opposes the US’s smear attacks against China without any factual basis.”
While cybersecurity companies have for years warned of China targeting telecommunications systems around the world, the U.S. views this campaign, referred to by Microsoft’s nickname, Salt Typhoon, as beginning within the past two years.
On Tuesday, agencies in the U.S., as well as in key allies Australia, Canada and New Zealand, released a public guide for telecommunications companies to protect themselves from China’s hackers.
The cyberespionage campaign has given the hackers access to multiple types of information, including vast reams of call records, access to some specific phone calls, and systems where telecoms partner with law enforcement and intelligence agencies with a court order to access targets’ information.
On a press call Tuesday about Salt Typhoon, an FBI official said the hackers were primarily interested in the call records of people in the Washington, D.C., area.
The FBI is in the process of notifying all Americans whose calls it believes were compromised. The Harris and Trump presidential campaigns had told NBC News they were compromised, as was the office of Senate Majority Leader Chuck Schumer, D-N.Y.
The agency does not plan to notify all the Americans whose call records were accessed, however, the FBI official said.