US government agency warns employees about possible hacks of Chinese mobile phones
- The US federal agency warns against using cell phones for work calls
- Warning comes in the wake of the breach of several US telecom providers
- The attack is attributed to Salt Typhoon, which also compromised a number of ISPs
The Consumer Financial Protection Bureau (CFPB) has warned its employees that personal mobile devices should not be used for sensitive work conversations due to recent Chinese investigations into U.S. telecommunications networks.
The CFPB email acknowledges that “while there is no evidence that CFPB is the target of this unauthorized access, I ask for your compliance with these guidelines so that we reduce the risk of being compromised.”
The warning also extends to contractors working for the CFB, highlighting the scale of the attack on US telecom companies by the China-linked group, tracked as Salt Typhoon.
Telecom attack worries federal agencies
There is no indication as to exactly what data was stolen from the telecom providers, but initial reports suggest that call logs, plain text and some phone audio were exfiltrated by the attackers, including audio from a number of high-profile individuals linked to the attack. Harris and Trump are campaigning together with potentially hundreds of thousands of American citizens.
US officials are also reducing their phone use in response to the hack, with a former US official speaking to the Wall Street Journal (WSJ) states: “There is a general reluctance to use their cell phones.”
Salt Typhoon also managed to breach several Internet Service Providers (ISP) in early October, including Verizon, AT&T and Lumen, with the attackers also gaining access to a legal wiretap used by US authorities for surveillance.
As the WSJ notes, a federal agency issuing a specific warning against personal cell phone use indicates the depth and scope of the attacks.
“DO NOT perform CFPB work using mobile voice calls or text messages,” the CFPB email advised. The email also stated that employees should only use authorized online collaboration platforms such as Cisco WebEx and Microsoft Teams to make calls and send messages that contain non-public data.