The White House revealed Friday that a ninth telecommunications company has fallen victim to the extensive Salt Typhoon cyber attacks, which officials attribute to Chinese state-backed hackers. The discovery came as the government continues to assess damages from what appears to be a widespread espionage campaign.
Anne Neuberger, Deputy National Security Adviser for cyber and emerging technology, disclosed that the breaches stemmed largely from telecom companies' failure to implement basic cybersecurity measures. In one alarming case, attackers gained access to a single administrator account that controlled over 100,000 routers.
The hackers, believed to be working for China, specifically targeted individuals in the Washington D.C. area, including President-elect Donald Trump and Vice President-elect JD Vance. According to Neuberger, fewer than 100 individuals were directly impacted, though the full scope remains unclear as attackers erased activity logs during the intrusion.
"The reality is that telecom networks are not as defensible as they need to be against a well-resourced cyber actor like China," Neuberger stated during the briefing.
The White House outlined key areas requiring immediate improvement in telecom cybersecurity:
- Configuration management
- Vulnerability management
- Network segmentation
- Sector-wide information sharing
The administration expressed support for new Federal Communications Commission rules that would mandate stronger network security measures, similar to existing regulations in Australia and the United Kingdom. British officials indicated their regulations would have enabled faster detection and containment of attacks like Salt Typhoon.
As telecommunications companies work to remove the intruders, the White House warns that networks remain at risk until these critical security gaps are fully addressed. The government has provided affected companies with threat-hunting guides and system hardening instructions to prevent future breaches.