Telecommunications giants AT&T and Verizon have officially confirmed that their networks were targeted by Salt Typhoon, a cyberespionage group linked to China. Both companies state that they have successfully contained the breaches and secured their infrastructure against further unauthorized access.
Containment and Current Network Status
AT&T spokesperson Alexander Byers confirmed on Monday that the company currently detects no active presence of nation-state actors within its systems. Similarly, Verizon reported on Sunday that it has neutralized the cyber incident. According to Verizon, the containment of the threat was validated by a prominent third-party cybersecurity firm, though the name of the firm remains undisclosed.
“Immediately upon learning of this incident, Verizon took several key actions to protect its customers and its network, including partnering with federal law enforcement and national security agencies,” said Vandana Venkatesh, Verizon’s chief general officer.
Scope of the Salt Typhoon Espionage
While the full extent of the intelligence gathered by the hackers remains under investigation, both telecom providers provided insights into the nature of the targets. AT&T noted that the attackers focused on a limited number of individuals of specific foreign intelligence interest, with only a small volume of user data being compromised.
Verizon disclosed that the campaign specifically aimed at high-profile government customers. This acknowledgment marks the first time both companies have publicly admitted to being victims of the Salt Typhoon campaign, which reportedly compromised several major U.S. internet and phone service providers to facilitate intelligence gathering.
Broader Impact on U.S. Infrastructure
The Salt Typhoon breach is part of a wider pattern of attacks targeting the U.S. telecommunications sector. Officials recently confirmed that at least nine providers have been infiltrated by the group, including Lumen and T-Mobile.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, recently highlighted the severity of these intrusions. She disclosed that one of the affected telecommunications entities suffered a breach involving an administrator account, which granted the attackers potential access to over 100,000 routers, underscoring the critical nature of the security threat posed by the group.