Report: Chinese Hackers Breached U.S. Telecoms Earlier than Previously Known

Corporate investigators have reportedly discovered evidence that Chinese hackers infiltrated an American telecommunications company in the summer of 2023, suggesting that China’s attackers penetrated the U.S. communications system far earlier than publicly known.

Bloomberg reports that corporate investigators working for an unnamed U.S. telecommunications firm have uncovered that Chinese state-backed hackers had breached the company’s systems in the summer of 2023, nearly a year before the publicly disclosed Salt Typhoon espionage campaign targeting multiple U.S. telecom providers. The discovery, which has not been previously reported, raises questions about the timeline of China’s foothold in the American communications industry.

According to two people familiar with the matter and an unclassified report seen by Bloomberg News, the investigators found that malware used by Chinese state-backed hacking groups had been present on the company’s systems for seven months, starting in the summer of 2023. The report, sent to Western intelligence agencies, does not name the compromised telecommunications company.

The 2023 intrusion predates the well-publicized Salt Typhoon campaign, which the U.S. government has attributed to Chinese state-backed hackers. In the Salt Typhoon breaches, hackers infiltrated multiple major U.S. telecommunications companies, including AT&T and Verizon Communications, siphoning personal data of millions of Americans and targeting the phones of high-profile individuals such as then-presidential candidate Donald Trump, his running mate JD Vance, and then-Vice President Kamala Harris.

The malware used in the 2023 breach, known as Demodex, is a rootkit that provides hackers with deep and secretive access to infected machines. Several cybersecurity companies have linked Demodex to Chinese hacking groups targeting telecommunications companies and governments in Southeast Asia. The malware has also been tied to the Salt Typhoon attackers and other hacking groups.

In the 2023 breach, hackers gained access to the computers of IT administrators at the targeted U.S. telecommunications company. The investigation revealed that the malware remained on the firm’s systems until late winter of 2024. Demodex is designed to leave few digital traces, making it challenging to determine the full extent of the hackers’ activities once inside the breached machines.

The Chinese embassy in Washington emphasized the difficulty of determining the origins of hacks and accused the U.S. and its allies of being responsible for cyberattacks on China. The embassy spokesperson, Liu Pengyu, called on the relevant party to “stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”

Read more at Bloomberg here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.

via June 6th 2025