(Bloomberg) -- A White House official said Friday the US identified a ninth telecommunications company impacted by a wide-ranging Chinese espionage effort and that further steps are planned to curb cyberattacks from Beijing.
As the Biden administration learns about the scope and scale of the so-called Salt Typhoon breach which it attributed to China, officials are laying the blame on companies that were slow to identify the attack.
“The reality is that China is targeting critical infrastructure in the United States. Those are private sector companies, and we still see companies not doing the basics,” Anne Neuberger, the deputy national security advisor for cyber and emerging technologies, told reporters Friday.
“That’s why we’re looking forward and saying ‘Let’s lock down this infrastructure,’” she added. “And frankly, let’s hold the Chinese accountable for this.”
The Commerce Department this month moved ahead with a ban of China Telecom and, according to Neuberger, similar actions will be released in the next month.
Salt Typhoon is the name given to the hacking group behind the attacks. Microsoft Corp. assigns cyberthreat actors different names, to better identify and reference incidents, with the moniker “typhoon” used for activity originating from or attributed to China.
Neuberger said one of the nine telecoms breached involved an administrator account that had access to over 100,000 routers.
“So when the Chinese compromised that account, they gained that kind of broad access across the network. That’s not meaningful cybersecurity to defend against the nation-state actors,” Neuberger added.
The US still doesn’t have an exact assessment of how many Americans were targeted, Neuberger said. A large number of individuals were affected by geolocating around the Washington, DC, and Virginia area — but fewer than 100 individuals’ phone calls and texts were hacked, she said.
The Federal Communications Commission is voting on a rule in mid-January that would help protect America’s critical infrastructure, Neuberger said. She said the General Services Administration is reviewing government contracts to require better cybersecurity practices.
Neuberger also cited an alarming increase in the number of health-related hacks that exposed Americans’ health-care information and left them vulnerable to blackmail and said that the Department of Health and Human Services will propose new rules to protect medical data.
(Adds origin of Salt Typhoon designation in sixth paragraph.)
©2024 Bloomberg L.P.