Chinese government linked to hacking at telecommunication companies

The U.S. government is urging senior government officials and politicians to not place unprotected phone calls and text messages following cyber break-ins at major American telecommunications companies blamed on Chinese hackers.

In written guidance released this week, the Cybersecurity and Infrastructure Security Agency said “individuals who are in senior government or senior political positions” should “immediately review and apply” a series of best practices around the use of mobile devices.

The first recommendation: “Use only end-to-end encrypted communications.”

End-to-end encryption protects data, making it readable only by the sender and the recipient. This feature is built into chat apps like WhatsApp, iMessage, and Signal, as well as corporate tools like Microsoft Teams and Zoom.

Regular phone calls and text messages are not end-to-end encrypted, meaning they can be monitored by phone companies, law enforcement, or hackers who breach phone networks.

One such hacking group, known as “Salt Typhoon,” is allegedly backed by the Chinese government, though Beijing denies the claims. U.S. officials say Salt Typhoon has hacked at least eight telecom companies in the U.S., stealing large amounts of Americans’ metadata.

Democratic Senator Ben Ray Lujan called it possibly the largest telecommunications hack in U.S. history. Officials are still investigating, with agencies at different stages of their responses.

Jeff Greene, a cybersecurity official with the Cybersecurity and Infrastructure Security Agency (CISA), said this hack is part of a broader Chinese effort to target critical infrastructure, including utilities. Greene emphasized the need for long-term defense against such attacks.

Digital safety experts recommend using end-to-end encryption for secure communication. Cooper Quintin, a technologist at the Electronic Frontier Foundation, praised this advice but raised concerns about government officials being advised to avoid the regular phone network.

Other tips include avoiding text messages with one-time passwords, such as those sent by banks, and using hardware keys to guard against phishing attacks.

Tom Hegel, a researcher at cybersecurity firm SentinelOne, supported CISA’s recommendations. He noted that hackers from various groups-not just Chinese actors-rely on unsecured communications and will lose access if people adopt stronger security measures.