
China Spied on YOU for Five Years

You may have heard of the Chinese cyberattack on American telecommunications giants like AT&T, Verizon and Lumen (AKA Qwest or US West). Between 2019 and AT LEAST 2024, they had free rein to listen in on the conversations of people like Trump, Kamala Harris and millions of ordinary people, but the scope is getting much bigger.

While the FBI is still trying to get its arms around the Chinese cyberattacks, it is confirming that the Chinese have compromised AT LEAST 200 companies in 80 countries. Think about the scale of that for a minute.

Remember that we are used to those cyberattacks with a loud boom. Ransomware. Land Rover shuts down factories. Hospitals all over the country diverting ambulances and resorting to pencils and paper. Salesforce. And many others. The smart attacks are very quiet. Sneak in. Don’t make any waves. Just steal incredible quantities of data year after year. That is what the Chinese Ministry of State Security (MSS) wants. If you go in there with guns blazing (encrypting data, demanding ransoms), it will make the news, but it will be over quickly. Consider the recent Vegas casino cyber attacks. They shut out the Chinese in hours. Granted it took them a few weeks to get their legs back under them, but it is a one and done attack. Imagine, instead, that you were to sneak in, steal data for five years and not be detected.

They could even map where you and I were going in real time based on the data they were stealing. In fact, they were getting so much data they weren’t sure, YET, how to use it all.

Three Chinese MSS vendors are key players: Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd. and Sichuan Zhixin Ruijie Network Technology Co., Ltd. We finally know who some of the key players are. Of course, China is not exactly going to hand them over to us. No more than the NSA would turn over our spies to China.

While China initially focused on the telecom carriers, they expanded. Digital Realty Trust, a company that owns data centers in 25 countries and serves clients like Amazon, Google, Microsoft and Nvidia, was a victim. Another victim was cable and Internet giant Comcast. This potentially gave China access to data that traveled over more private networks and never crossed the global Internet.

They even hacked the Army National Guard. They were not detected for nine months. The data of our service men and women was stolen. And, of course, the Guard had trusted access to other government networks.

Of course, Salt Typhoon is only one of a myriad of Chinese cyberwar operations. Other members of the Typhoon (China) naming convention family that have been made public are Volt Typhoon, Flax Typhoon and Silk Typhoon. How many others are not publicly known?

The FBI and what is left of CISA (remember they said last week that because of the President’s cuts and people jumping ship, they are down 40 percent in staff and many of those are actually the experienced ones – the ones who could quit and have three job offers for more money before they reached the front door) are trying to root this out, but they are definitely outgunned, even though they won’t publicly admit it.

Of course, this is not a uniquely American problem. The Chinese are going after anyone they can get to.

According to Recorded Future, between December 2024 and January 2025, Salt Typhoon targeted more than 1,000 unpatched Cisco routers, successfully infiltrated five more telecommunications companies, compromised two more US companies and targeted universities like UCLA, Loyola Marymount and Utah Tech.

There are things that you can do to help yourself. Individually, this includes using end-to-end encrypted messaging and strengthening authentication.

For companies, this means doing a much QUICKER job of patching, understanding that, occasionally, you will break something. It means improving network monitoring AND INCIDENT RESPONSE. With the right tools you can get response to incidents down to under a minute. That is something that folks like Land Rover wished they had. It also means tightening down identity management and data access controls.

The government needs to do their part too. The FCC needs to step up to the plate, not step away. We need enhanced security requirements like the DoD is finally doing after at least 40 years that I have been involved with DoD security and more.

If this scares you, it should. If you don’t think you can fix this by yourself, you are probably right. Please contact us; we are here to help you on the journey.

Credit: Breached Company
