The metadata of many U.S. citizens has been stolen as part of the sprawling cyberespionage campaign by Chinese state-sponsored group Salt Typhoon that includes intrusions into the networks of at least eight U.S. telecoms and others in dozens of other countries.
U.S. officials continue to investigate the far-reaching cyberattack while putting safeguards in place in hopes of ensuring that a similar incident won’t happen again as countries like China, Russia, and Iran are expected to ramp up their cyber efforts against the country.
The attack by Salt Typhoon became public in September, when U.S. officials said that the threat group had accessed the networks of several U.S. internet service providers (ISPs), including Verizon, T-Mobile, AT&T, and Lumen Technologies. The extent of Salt Typhoon’s campaign has become clearer in recent months, with U.S. officials saying that the attackers have spent months inside the ISPs’ networks and that the campaign is still ongoing.
Officials with CISA and the FBI told reporters this week that the agencies have been investigating the breach of telecom networks since late spring and that the threat group, which also targeted officials associated with both presidential campaigns, had stolen huge amounts of phone call data and, in some instances, intercepted audio and text.
This week, a senior U.S. official reportedly told journalists that metadata of a “large number” of Americans has been stolen by Salt Typhoon. The official, who spoke on the condition of anonymity, told reporters that “we do not believe it’s every cell phone in the country, but we believe it’s potentially a large number of individuals that the Chinese government was focused on,” according to a Reuters report.
Call record metadata doesn’t include the content of calls but can show such details as who made the call, where it was made from, and the length of the call, the news organization wrote.
At the same time, a number of federal agencies – including the Federal Communications Commission, National Security Council, CISA, and the FBI – briefed senators in a closed-door session, detailing information that reportedly raised even more concerns of lawmakers about the reach of the attack and why it wasn’t detected sooner.
Senator Ron Wyden (D-OR) told reporters after the meeting that he was drafting legislation about the issue, while Senator Richard Blumenthal (D-CT) said that the “extent and depth and breadth of Chinese hacking is absolutely mind-boggling – that we would permit as much as has happened in just the last year is terrifying.”
Among those briefing the senators were FCC Chair Jessica Rosenworcel and Director of National Intelligence Avril Haines.
Anne Neuberger, deputy national security advisor for cyber and emerging technologies for the National Security Council, told reporters in a briefing that U.S. investigators believe the hackers also accessed the communications of top U.S. government officials and other political figures, though she added that it doesn’t appear that classified communications were compromised, according to the Associated Press.
Still, because many of the telecoms hacked haven’t yet been able to remove the attackers, Neuberger warned that “there is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps the Chinese are likely to maintain their access.”
CISA, the FBI, and the National Security Agency, along with international cyber agencies, this week released guidelines that outline the threat from Salt Typhoon and the Chinese government and “provide network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC [People’s Republic of China]-affiliated and other malicious cyber actors.”
The guidelines detail ways for organizations to increase visibility into their networks to better monitor for, detect, and defend against intrusions, harden their systems and devices, and report incidents to authorities. There also is a section specific to Cisco, with the agencies noting that they’ve seen China-linked hackers targeting particular features in the vendor’s products.
U.S. officials said President Biden has been kept up to date about the Salt Typhoon campaign and has made addressing it a priority.
Officials at the Chinese embassy in Washington have denied the accusations that the country was responsible for the hack.
CISA Director Jen Easterly said the Cyber Safety Review Board (CSRB), an independent panel that Biden created in 2021 as part of his cybersecurity executive order, will begin an investigation into the Salt Typhoon hacks this week. Easterly told reporters after the Senate briefing that “We wanted to make sure that we had a good understanding of what was happening, in terms of the scope and scale, and, quite frankly, most of the agencies who would be involved in the Cyber Safety Review Board are still involved in the incident response.”
She also said that it was important to kick off the investigation before the Christmas and New Year’s holidays to get a start on developing recommendations for strengthening the security of telecom networks. The recommendations also will be made before the new presidential administration takes over.
In another step to address the situation, a Senate Commerce subcommittee will hold a hearing about Salt Typhoon on December 11 that reportedly will include Tim Donovan, CEO of the trade group Competitive Carriers Association.