Sunday, July 27, 2025
Latest:
The Register

Senator to Google: Give us info from telco Salt Typhoon probes

TH Author

US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmaker, both operators have thus far refused to give Congress.

AT&T and Verizon’s networks were among those breached by China’s Salt Typhoon, potentially giving Beijing long-term, persistent access to critical US networks.

“In December 2024, AT&T and Verizon both claimed that their networks were secure, but only weeks before the companies made those announcements, the U.S. government warned the breach was so significant it made it ‘impossible’ for agencies ‘to predict a time frame on when we’ll have a full eviction,'” the Democratic senator from Washington state wrote in a July 23 letter [PDF] to Mandiant Executive VP Sandra Joyce.

To get a better idea of whether the telecoms firms’ claims are true, Cantwell last month sent a letter to both AT&T and Verizon requesting information about steps they took to secure their networks. Both companies told her that Mandiant had conducted security assessments following the Salt Typhoon intrusions, but the telcos refused to hand them over, according to the senator. 

“This response only heightens my concerns about AT&T’s and Verizon’s current security posture, as they are either unwilling or unable to provide specific documentation that would corroborate their claims that their networks are secure,” Cantwell wrote. 

So instead, Cantwell has asked Mandiant to provide these documents by August 6. Specifically, the senator wants the incident response firm to share with Congress:

  • A copy of all reports, assessments, and analyses Mandiant conducted for AT&T and Verizon, respectively, in response to the Salt Typhoon attacks. 
  • A list of any recommendations by Mandiant that have not been fully addressed by AT&T or Verizon in response to the Salt Typhoon attacks. 
  • All records related to the costs and expenses of Mandiant’s work for AT&T and Verizon, respectively, in response to the Salt Typhoon attacks. 

The Register reached out to Mandiant, AT&T, and Verizon to confirm the existence of these security assessments, and to ask if they planned to submit them to US lawmakers for review. AT&T declined to comment, and the other two firms did not respond. We will update this story if and when we hear back from them.

It’s highly unlikely, however, that American networks have fully eradicated the Chinese spies and locked all of their backdoors into US-based IT systems.

In February, two months after AT&T and Verizon confirmed that Chinese government-backed snoops accessed portions of their systems earlier in 2024, Recorded Future’s Insikt Group documented Salt Typhoon compromises in at least seven devices linked to global telecom providers and other orgs.

Plus, the PRC snoops “possibly targeted” more than a dozen universities, including the University of California, Los Angeles, to access research related to telecommunications, engineering, and technology, according to the infosec shop.

Then, in June, SecurityScorecard’s strike threat analysts told The Register that the team uncovered an ongoing campaign, designed to gain long-term access to networks that bears all the markings of one of China’s “Typhoon” crews.

The Cyber Safety Review Board (CSRB), under the Department of Homeland Security umbrella, had been investigating Salt Typhoon, and how the Chinese cyber spies penetrated US government and telecommunications networks, prior to the board’s dissolution on President Trump’s first day in office.

Also last month, a group of Democratic senators urged Homeland Security Secretary Kristi Noem to reestablish the CSRB, in large part so the board could finish its Salt Typhoon probe. ®

READ MORE HERE