In response to a sophisticated cyberattack on major U.S. telecom providers, including AT&T and Verizon, the Cybersecurity and Infrastructure Security Agency (CISA) has released updated security guidance in collaboration with the NSA, FBI, and international partners from Australia, Canada, and New Zealand.
The attack, attributed to the China-affiliated advanced persistent threat (APT) group Salt Typhoon, targeted telecom operators, compromising sensitive customer call records and stealing data related to government and political activities. The breaches, initially reported in October 2024, continued undetected for months, highlighting critical vulnerabilities in telecommunications infrastructure.
Salt Typhoon’s operation reportedly extended to data subject to U.S. law enforcement court orders, raising concerns over the security of sensitive governmental and legal communications. The campaign underscores the urgent need for stronger cybersecurity measures in critical infrastructure sectors.
The new guidance aims to equip communication service providers (CSPs) and network engineers with actionable steps to identify anomalies, address vulnerabilities, and respond to incidents. The recommendations include secure configuration practices, enhanced monitoring for suspicious activity, and reducing exposure to entry points.
CISA’s Jeff Greene emphasized the importance of adopting Secure-by-Design principles, urging software manufacturers to embed robust security measures in their development lifecycle. “PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses,” Greene stated.
The guide also includes detailed advice for network engineers, such as monitoring device configurations, implementing network segmentation, and securing VPN gateways. Specific recommendations for Cisco systems, known to have been exploited in the attack, highlight the urgency for operators of critical national infrastructure (CNI) to adopt these measures promptly.
“These hacks remind us that our domestic communications infrastructure is critical to national security,” said Tim Perry, head of strategy at Prepared. “State actors have the resources to exploit vulnerabilities and infiltrate sensitive networks, making updated cybersecurity measures imperative.”
The full guidance, which urges immediate action to protect against evolving cyber threats, is available on the CISA website.
To delve deeper into this topic, please read the full article on Computer Weekly.




