Chinese Hackers Breached U.S. Telecom Company in 2023, Earlier Than Previously Reported
New findings reveal that Chinese state-sponsored hackers infiltrated an American telecommunications company in the summer of 2023—months earlier than officials had previously acknowledged. The breach, uncovered by corporate investigators, signals a deeper and earlier compromise of U.S. communications infrastructure than initially known.
According to a document shared with Western intelligence agencies and sources familiar with the investigation, malware linked to Chinese state-backed hacking groups was discovered on the company’s systems for at least seven months starting mid-2023. The malware remained undetected until late winter of 2024. The report did not identify the targeted telecom firm, only noting it provides services to the defense, travel, and logistics industries.
This breach predates the public disclosure of another major cyber campaign by a Chinese hacking group known as Salt Typhoon, which targeted major U.S. telecom companies such as AT&T and Verizon. U.S. intelligence had previously tied Salt Typhoon to a “multi-year operation” that compromised several telecom networks, exfiltrating data from millions of Americans and even targeting high-level political figures including Donald Trump, JD Vance, and Kamala Harris.
While it remains unclear whether the 2023 breach is directly linked to the Salt Typhoon operation, cybersecurity experts say the discovery raises troubling questions about when China’s cyber espionage efforts against U.S. telecom infrastructure truly began.
“We’ve long known that U.S. telecom infrastructure was vulnerable,” said cybersecurity expert Marc Rogers. “What this shows is that the threat wasn’t theoretical—it was active as early as 2023.”
The 2023 breach was discovered as part of the broader U.S. response to Salt Typhoon’s attacks in late 2024. Following a tip from intelligence agencies, investigators examined the company's systems and identified the presence of a rootkit known as Demodex—a stealthy, deep-access malware tool used by Chinese espionage actors.
Demodex has previously been linked to Chinese intelligence operations across Asia, including attacks on telecom networks in Thailand, Afghanistan, and Indonesia. Security experts say the malware is believed to have been developed by contractors working with China’s Ministry of State Security.
Cybersecurity firm Armis, which has tracked the malware for years, confirmed that the group responsible for deploying Demodex had direct ties to the Chinese government. “This isn’t freelance hacking—it’s state-sponsored cyberespionage at a high level,” said Armis threat intelligence lead Michael Freeman.
Despite mounting evidence, Chinese officials pushed back against the allegations. In a statement, Chinese embassy spokesperson Liu Pengyu said it is difficult to attribute cyberattacks definitively and accused the U.S. of conducting its own cyber operations against China. “The relevant party needs to stop using cybersecurity to smear and slander China,” Liu said.
The CIA, NSA, FBI, and CISA all declined to comment on the 2023 breach.
With these revelations, U.S. officials and the cybersecurity industry are facing renewed urgency to reassess how long Chinese operatives may have had access to critical American infrastructure—and what data may have already been compromised.