US officials say hackers linked to the Chinese government are responsible for breaching security at major telecommunications companies and US agencies.
The latest hack, announced on Monday, targeted the US Department of the Treasury, which called the infiltration a “major incident”.
Officials said the hackers were able to access employee workstations and some unclassified documents. China denies involvement.
It’s the latest in a string of cyber-attacks that have emerged in recent months against US and other Western targets.
What’s been hacked?
The treasury department hack followed news in late October that the two major US presidential campaigns were targeted.
The FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) said the hack targeting the White House campaigns was carried out “by actors affiliated with the People’s Republic of China”.
In September, reports surfaced of an operation that managed to breach security at top telecommunications firms.
The White House recently said at least nine companies were hacked, including telecoms giants AT&T and Verizon.
And earlier in the year, in March, seven Chinese nationals were charged with running a hacking operation that lasted at least 14 years and targeted foreign critics of China, businesses and politicians.
Operations linked by Western governments to China have also targeted the UK’s Electoral Commission, and the UK and New Zealand parliaments.
Who are the hackers?
While full details have yet to be revealed, the hacks appear to be the work of several different units – each, US authorities say, linked to the Chinese state.
The hacking groups are given nicknames by security firms. For instance the group behind the telecoms hack is most commonly known by Salt Typhoon, the name given to it by researchers at Microsoft. Other firms have dubbed it Famous Sparrow, Ghost Emperor and Earth Estrie.
Salt Typhoon is thought to be behind the telecoms hack. A separate group, nicknamed Volt Typhoon, has been accused of breaking into critical infrastructure organisations for potential disruption attacks.
The seven Chinese citizens charged with hacking were linked by US justice department officials to an operation known as Zirconium or Judgment Panda.
The UK’s National Cyber Security Centre says the same operation targeted UK parliamentarians’ emails in 2021.
What was collected during the hacks?
The most recent hacks seem to have been aimed at powerful individuals and collecting data that could benefit the Chinese government.
Among others, they targeted the phones of President-elect Donald Trump, Vice-President-elect JD Vance, and people working for Vice-President Kamala Harris’s campaign.
The hackers have also accessed a database of phone numbers subject to law enforcement wiretaps – knowledge that experts say could be used to discover which foreign spies are under surveillance.
And millions of Americans may have had their data breached by the attacks on telecoms companies.
Richard Forno, assistant director of the University of Maryland, Baltimore County Cybersecurity Institute, said the Chinese efforts were being directed at a variety of targets.
“It’s more generic information gathering, let’s see what we can get into, and see what we can find,” he said.
How worried are US officials?
US lawmakers of both parties have expressed concern about the hacks.
Senator Mark Warner, a Democrat, called Salt Typhoon’s activities the “worst telecom hack in our nation’s history”.
Brendan Carr, Trump’s pick for chairman of the Federal Communications Commission, said an intelligence briefing about the hack was “deeply, deeply concerning”.
“The information I heard, it made me want to basically smash my phone at the end of it,” he told CNBC.
FBI Director Christopher Wray recently said that Salt Typhoon’s hack of telecoms companies was China’s “most significant cyber-espionage campaign in history”.
He previously said China’s hacking programme was bigger “than [that of] every other major nation combined”.
How have Western allies responded?
In addition to charges laid against the seven Chinese nationals, earlier this month US authorities warned China Telecom Americas, the US subsidiary of one of China’s largest communications companies, that it is a national security threat.
The company has 30 days to respond, and could ultimately face a ban.
In May, the UK sanctioned two individuals and Wuhan Xiaoruizhi Science and Technology Company Ltd, which it said was linked to Judgment Panda.
Trump’s incoming national security adviser Mike Waltz has said that foreign hackers must face “higher costs and consequences”.
Mr Forno, of the UMBC Cybersecurity Institute, said the hacks were probably years in the making.
“China traditionally takes a very long and strategic view of how they conduct their espionage and intelligence operations,” he said. “The US tends to be much more reactive and much more interested in immediate and visible results.”
What has China said?
China’s foreign ministry spokeswoman Mao Ning told a news briefing that the accusations were “baseless” and “lacking evidence”.
“China consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes,” Mao said.
A Chinese embassy spokesman said in a statement: “The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”
