December 5, 2024

FBI warns of broad and ongoing Salt Typhoon Telecom Breach

Americans should stop unencrypted texting on their iPhones or Androids

Executive Summary

A confluence of troubling developments has emerged as U.S. officials reveal that Chinese state hackers remain deeply embedded in telecommunications systems. Meanwhile, due to the ongoing breach, the FBI and CISA have taken the unprecedented step of warning Americans to abandon standard text and voice messaging in favor of encrypted communications. This move represents a fundamental shift in how organizations approach personal and corporate wireless device security.

The Ongoing Breach

The Salt Typhoon breach of most U.S. telecommunications providers, initially disclosed to have targeted the presidential campaigns of both Donald Trump and Kamala Harris, now appears to be just a part of an ongoing “broad and significant cyber espionage campaign,” according to CISA Executive Assistant Director Jeff Greene. Greene confirmed the telecommunications compromise is “ongoing and likely larger in scale than previously understood.” “We cannot say with certainty that the adversary has been evicted because we still don’t know the scope of what they’re doing,” said Greene. Senior FBI officials believe the investigation timeline to uncover Salt Typhoon’s full presence in these systems will be “measured in years.”

So far, the investigation has confirmed that attackers gained access to:

  • Individual voice call audio and text message content
  • Bulk customer call metadata and communication patterns
  • Law enforcement surveillance request data

FBI warns Americans to stop sending texts

In light of the ongoing breach, CISA and FBI officials have urged Americans to “use encrypted apps for all their communications.” In the press briefing, Greene added, “Our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”

Enterprise IP Targeted

Following Tuesday’s media briefing, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, addressed reporters on Wednesday, stating they now believe that Chinese state-affiliated actors had, in addition to targeting people of political interest to the Chinese government, targeted key enterprise IP. “We believe this is intended as a Chinese espionage program focused, again, on key government officials, key corporate IP, so that will determine which telecoms were often targeted, and how many were compromised as well.” In the same address, Neuberger reiterated that Chinese state-affiliated actors are still in U.S. telecom networks and stated the breach has likely persisted for the last 1-2 years. Neuberger also revealed that officials now believe these attacks have impacted the telecommunications providers of multiple countries in the EU and the Indo-Pacific region, in addition to at least eight telco providers in the U.S.

Enterprise Impact Assessment

U.S. officials’ broad warning about this breach’s potential impact on Americans exposes a critical enterprise security gap that demands immediate attention:

It doesn’t matter if it’s a personal or enterprise-controlled device. Smartphones record an incredible variety of information from their environment and transmit it over networks your organization does not control.

Organizations should establish policies to prevent personal or enterprise cell phones from being near sensitive information that could be (unknowingly) exfiltrated via the device’s voice, camera, or messaging capabilities.

  1. Communication Security: Organizations must reevaluate their wireless communication security, particularly:
  • Executive communications protocols
  • Sensitive business discussions
  • Cross-border communications
  2. Threat Detection Capabilities: Traditional network monitoring may miss wireless-based threats, necessitating:
  • Continuous wireless spectrum monitoring that reports precise, real-time wireless device locations and integrates with existing SIEM and physical security systems, so device policy can be enforced near sensitive locations
  • Real-time anomaly detection
  • Enhanced visibility into wireless device behavior
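As an added illustration of the device-policy enforcement described above (example code written for this page, not Bastille’s product code or output), the checker below takes constructed wireless-sensor location reports, a geofenced sensitive zone and a device allowlist, and emits SIEM-style alerts when an unauthorized radio is seen inside the zone, escalating once it dwells there. Zone coordinates, device identifiers and the dwell threshold are all hypothetical sample values.

```python
import json
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Zone:            # circular geofence around a sensitive location (hypothetical coordinates, metres)
    name: str
    x: float
    y: float
    radius_m: float


@dataclass(frozen=True)
class Report:          # one location report from a wireless sensor array (constructed sample shape)
    ts: int            # seconds since start of the sample
    device_id: str     # sensor-assigned identifier (hypothetical)
    radio: str         # "cellular", "wifi" or "bluetooth"
    x: float
    y: float


def in_zone(r: Report, z: Zone) -> bool:
    return hypot(r.x - z.x, r.y - z.y) <= z.radius_m


def evaluate(reports, zones, allowlist, dwell_s=60):
    """Return alert dicts: 'medium' on first sighting of an unlisted device in a zone,
    'high' once it has remained there for at least dwell_s seconds."""
    state = {}         # (device_id, zone) -> [first_seen_ts, already_escalated]
    alerts = []
    for r in sorted(reports, key=lambda rep: rep.ts):
        for z in zones:
            key = (r.device_id, z.name)
            if not in_zone(r, z) or r.device_id in allowlist:
                state.pop(key, None)          # left the zone (or is allowed): reset dwell tracking
                continue
            if key not in state:
                state[key] = [r.ts, False]
                alerts.append({"ts": r.ts, "severity": "medium", "rule": "unauthorized_device_in_zone",
                               "device_id": r.device_id, "radio": r.radio, "zone": z.name})
            elif not state[key][1] and r.ts - state[key][0] >= dwell_s:
                state[key][1] = True
                alerts.append({"ts": r.ts, "severity": "high", "rule": "unauthorized_device_dwell",
                               "device_id": r.device_id, "radio": r.radio, "zone": z.name})
    return alerts


def to_siem_lines(alerts):
    """One JSON object per line, the shape most SIEM collectors ingest directly."""
    return [json.dumps(a, sort_keys=True) for a in alerts]


# Constructed sample: a boardroom geofence, one allowlisted phone, one unknown phone that lingers.
ZONES = [Zone("boardroom", 0.0, 0.0, 5.0)]
ALLOWLIST = {"cell-C"}
SAMPLE_REPORTS = [
    Report(0, "cell-A", "cellular", 1.0, 1.0),      # unknown phone enters the zone
    Report(10, "bt-B", "bluetooth", 20.0, 20.0),    # outside the zone, no alert
    Report(20, "cell-C", "cellular", 0.0, 1.0),     # allowlisted, no alert
    Report(30, "cell-A", "cellular", 2.0, 1.0),     # still inside, under the dwell threshold
    Report(75, "cell-A", "cellular", 1.5, 0.5),     # 75 s inside: escalates to high
]

if __name__ == "__main__":
    for line in to_siem_lines(evaluate(SAMPLE_REPORTS, ZONES, ALLOWLIST)):
        print(line)
```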

Strategic Implications

“We need to do some hard thinking long-term on what this means and how we’re going to secure our networks,” acknowledged CISA officials. This crisis represents more than just another data breach – it demonstrates fundamental vulnerabilities in how modern enterprises communicate.

The combination of compromised carrier networks and inherently insecure messaging platforms creates an urgent need for organizations to implement comprehensive wireless security monitoring. Without the ability to detect anomalous cellular activity, device presence, unauthorized connections, and potential compromises, enterprises remain blind to sophisticated attacks that bypass traditional security controls.

How Bastille Can Solve This Problem

Bastille Networks’ Wireless Airspace Defense Sensor Arrays give organizations real-time visibility into, and anomaly reporting on, the wireless devices transmitting in their environment.

Bastille integrates into your existing SIEM solution and provides complete visibility and alerting for:

  • Unauthorized cellular devices that could be exfiltrating sensitive information
  • Rogue access points that could intercept wireless traffic
  • Bluetooth connections that could create unauthorized data channels
  • Malicious wireless connections to your network infrastructure, like those seen with the recent APT28 Nearest-Neighbor attack

Contact Bastille today to learn how your organization can secure the vulnerabilities in your wireless airspace attack surface.
