By Raphael Satter
WASHINGTON (Reuters) -A large number of Americans’ metadata has been stolen in the sweeping cyberespionage campaign carried out by a Chinese hacking group dubbed “Salt Typhoon,” a senior U.S. official told journalists on Wednesday.
The official declined to provide specific figures but noted that China’s access to America’s telecommunications infrastructure was broad and that the hacking was still ongoing.
“We believe a large number of Americans’ metadata was taken,” said the official, who spoke to reporters on condition that their name be withheld. Pushed on whether that might include every American cell phone’s records, the official said: “We do not believe it’s every cell phone in the country, but we believe it’s potentially a large number of individuals that the Chinese government was focused on.”
Dozens of companies across the world had been hit by the hackers, the official said, including “at least” eight telecommunications and telecom infrastructure firms in the United States.
U.S. officials have previously alleged the hackers targeted Verizon (NYSE:VZ), AT&T (NYSE:T), T-Mobile, Lumen and others. T-Mobile has said no customer data was compromised in its case and Lumen said there is no evidence customer data was accessed on its network but, in at least some other cases, the hackers are alleged to have stolen telephone audio intercepts along with a large tranche of call record data.
Call record metadata is sometimes described as the who, what, when, and where of phone calls. It doesn’t include the content of a call but can include who a call was placed to, how long it lasted, and where it was made from. Even without the content, call record metadata — especially when captured in bulk — can reveal extraordinarily granular details about a person’s life, work, and intimate relationships.
The official said the White House had made tackling the Salt Typhoon hackers a priority for the federal government and that President Joe Biden had been briefed several times on the intrusions.
The press call occurred as U.S. government agencies held a separate, classified briefing for all senators on Salt Typhoon’s efforts to compromise American telecommunications companies.
The FBI, Director of National Intelligence Avril Haines, Federal Communications Commission Chair Jessica Rosenworcel, the National Security Council and the Cybersecurity and Infrastructure Security Agency were among the participants in the closed-door briefing, officials told Reuters.