SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack

The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
Chinese APT

The US government’s Consumer Financial Protection Bureau (CFPB) is directing employees to minimize the use of cellphones for work-related activities, following an intrusion into major telco systems attributed to Chinese government hackers.

According to a Wall Street Journal report, the agency sent an email to all employees and contractors with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”

The warning comes on the heels of a series of hacks into US telcos and broadband providers blamed on Salt Typhoon, a Chinese government-backed cyberespionage hacking operation. The group has reportedly broken into companies like Verizon, AT&T and Lumen Technologies and has used that access to surveil politicians and critical communications systems.

“While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,” the CFPB said in the email.

The Journal said the CFPB’s security leadership has advised staff to avoid discussing nonpublic data via voice calls or text messages on either work-issued or personal phones. Instead, government employees were instructed to use secure platforms like Microsoft Teams and Cisco WebEx to mitigate risks. 

While the CFPB confirmed no direct targeting of its systems, the directive aligns with federal concerns over the scope of the Salt Typhoon intrusions that has ensnared sensitive communications of key U.S. government officials, senior policymakers, and political figures. 

According to reports, the Chinese hacking team has already siphoned data on calls  recorded phone audio from high-value targets in the US, including individuals associated with both US presidential campaigns.

Advertisement. Scroll to continue reading.

Technical details and official information on the Salt Typhoon intrusions are being kept under wraps. 

Related: China’s Salt Typhoon Hacked AT&T, Verizon: Report

Related: Censys Finds Exposed Servers as Volt Typhoo Targets Service Providers

Related: China’s Volt Typhoon Exploiting Zero-Day in Servers Used by ISPs, MSPs

Related: Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Written By

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

MongoDB has appointed Doug Bowers as Chief Information Security Officer.

Ben Wilkens has been promoted to Director of Cybersecurity at NMFTA.

Cato Networks has appointed Meital Koren as Chief Legal Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.