Recent reports reveal that Chinese hackers have compromised U.S. telecommunications companies, raising concerns about the privacy of phone and text data. The breach, initially reported by The Wall Street Journal in September, has been under FBI investigation since August. In a recent advisory, the FBI warned that the attackers may still be active within these networks.

How does this impact me?
In 2024, major breaches like National Public, Change Healthcare, and AT&T have made it clear: most US citizens can no longer assume their personal data and communications are private. With AI and advanced search tools, this data is easily accessible. This latest news underscores the importance of staying vigilant in protecting yourself, your business, and your loved ones.

Users are warned against relying on text messages for security and secure communications as they are vulnerable to interception. Closed systems like Apple’s iMessage, Android Messaging, WhatsApp, Signal, Slack, and Teams offer more secure and encrypted communication. Messages exchanged between Apple and Android devices, which often use unencrypted open systems, are particularly at risk. This vulnerability underscores the danger of using SMS text messages and phone calls for multi-factor authentication (MFA).

What do I need to do?

• Advise users not to respond to unsolicited text messages from unknown senders. Fraudsters are using familiar and contextual text messages to trick users into responding. This can lead to fraud and system compromise.
• Advise users to report suspicious emails, calls, or text messages claiming to be from entities like Google, Apple, or banks. Never share personal information, click links, or download files. Instead, contact support directly via the institution’s official website and published phone number.
• Switch accounts that use text message multi factor authentication to an authenticator app with number matching or time-based one-time passwords (TOTP) or Passkeys. Start with critical accounts like banking and other financial services to enhance security.
• Use secure communications apps for private or sensitive communications between friends and family. WhatsApp and Signal are great free tools for secure private communications.
• Consider creating a secure code word or phrase to be used when communicating during urgent or emergency business or familial communications to limit the possibility of manipulation by attackers.
• Use a password manager to store and manage all your passwords https://www.wired.com/story/best-password-managers/
• Setup protections for your mobile phones to prevent SIM swapping:  https://www.experian.com/blogs/ask-experian/how-to-protect-yourself-from-sim-swapping/

Additional Resource and Details:

• https://www.politico.com/news/2024/12/03/chinese-hack-global-telecom-ongoing-00192410
• https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694
• https://www.securityweek.com/chinas-salt-typhoon-hacked-att-verizon-report/
• https://www.securityweek.com/cisa-fbi-confirm-china-hacked-telecoms-providers-for-spying/
• https://www.pbs.org/newshour/world/at-least-8-u-s-telecom-firms-were-hit-by-chinese-hacking-campaign-white-house-says
• https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global
• Passkeys: https://www.darkreading.com/identity-access-management-security/how-to-get-started-using-passkeys
• Signal App: https://signal.org/
• WhatsApp: https://www.whatsapp.com/