A recent corporate investigation indicated that Chinese hackers breached American telecommunications firms in the summer of 2023, suggesting these attacks occurred much earlier than previously disclosed. A report revealed that a hacker group tied to the Chinese government infiltrated one unnamed US telecom company nearly a year before the well-documented Salt Typhoon spying incident, which affected multiple US telecom providers. These previously undisclosed findings raise concerns about the extent and timing of China’s involvement in the US communications sector.
Sources familiar with the matter and Bloomberg News reported that investigators found malware associated with Chinese state-sponsored hacking groups within the company’s systems, detected for a span of seven months beginning in the summer of 2023.
This incident predates the widely recognized Salt Typhoon campaign, which led to significant data breaches involving AT&T, Verizon, and millions of Americans, along with targeted attacks on high-profile individuals, including then-presidential candidate Donald Trump.
The malware, a rootkit known as Demodex, allows for deep access to affected systems. Various cybersecurity firms have linked this malware to Chinese hacking efforts aimed at telecommunications and government targets in Southeast Asia. It’s also tied to the Salt Typhoon attackers and other similar groups.
During the 2023 attack, hackers accessed the systems of IT administrators at targeted US telecom firms, and the investigation revealed the malware persisted in these systems until late winter 2024. Demodex is designed to create minimal digital footprints, which complicates efforts to gauge the full scope of any compromise once it is inside a machine.
The Chinese embassy in Washington commented on the challenges of tracing the origins of such hacks, suggesting that the US and its allies might be responsible for cybersecurity breaches attributed to China. Embassy spokesman Liu Pengyu urged parties involved to refrain from using issues of cybersecurity to malign China, emphasizing the need to stop spreading disinformation regarding the so-called Chinese hacking threats.


