CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack

The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”

Volt Typhoon botnet

The US government’s Consumer Financial Protection Bureau (CFPB) is directing employees to minimize the use of cellphones for work-related activities, following an intrusion into major telco systems attributed to Chinese government hackers.

According to a Wall Street Journal report, the agency sent an email to all employees and contractors with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”

The warning comes on the heels of a series of hacks into US telcos and broadband providers blamed on Salt Typhoon, a Chinese government-backed cyberespionage hacking operation. The group has reportedly broken into companies like Verizon, AT&T and Lumen Technologies and has used that access to surveil politicians and critical communications systems.

“While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,” the CFPB said in the email.

The Journal said the CFPB’s security leadership has advised staff to avoid discussing nonpublic data via voice calls or text messages on either work-issued or personal phones. Instead, government employees were instructed to use secure platforms like Microsoft Teams and Cisco WebEx to mitigate risks. 

While the CFPB confirmed no direct targeting of its systems, the directive aligns with federal concerns over the scope of the Salt Typhoon intrusions that has ensnared sensitive communications of key U.S. government officials, senior policymakers, and political figures. 

According to reports, the Chinese hacking team has already siphoned data on calls  recorded phone audio from high-value targets in the US, including individuals associated with both US presidential campaigns.

Technical details and official information on the Salt Typhoon intrusions are being kept under wraps. 

Related: China’s Salt Typhoon Hacked AT&T, Verizon: Report

Advertisement. Scroll to continue reading.

Related: Censys Finds Exposed Servers as Volt Typhoo Targets Service Providers

Related: China’s Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs

Related: Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.