(Credit: sarayut Thaneerat/Getty Images)
AT&T and Verizon are no longer seeing activity from "Salt Typhoon" hackers on their networks.
The Chinese hacking group has hit at least nine US telecom companies as part of a months-long effort to spy on the communications of top politicians.
Earlier this month, Deputy National Security Adviser Anne Neuberger said none of the affected firms had "fully removed the Chinese actors from [their] networks." That came a few weeks after Senate Intelligence Chairman Mark Warner called the incident the "worst telecom hack in our nation's history—by far," and said booting the Chinese hackers would require physically replacing thousands of outdated routers and switches inside US telecommunication networks.
As of Monday, Verizon and AT&T both say they are no longer dectecting any Salt Typhoon activity on their networks and say the threat is contained for now.
"We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident," says Vandana Venkatesh, Verizon’s Chief Legal Officer.
"An independent and highly respected cyber security firm has confirmed the Verizon containment," a Verizon spokesperson adds.
According to AT&T: "We detect no activity by nation-state actors in our networks at this time."
AT&T pledged to "continue to work closely with government officials, other telecommunication companies, and third-party experts on the investigation of this nation-state action," and said it's "monitoring and remediating our networks to protect our customers’ data."
AT&T placed the blame on the People’s Republic of China, which it said "targeted a small number of individuals of foreign intelligence interest." Verizon's statement didn't call out China, but it said a "small number of high-profile customers in government and politics were specifically targeted" by a nation-state threat actor.
Both carriers have notified affected customers.
In late November, T-Mobile said it had "detected attempts to infiltrate our systems by bad actors" in the previous weeks, originating "from a wireline provider’s network that was connected to ours." T-Mobile severed connectivity to that provider "as we believe it was – and may still be – compromised," the carrier said at the time.
"Our defenses protected our sensitive customer information, prevented any disruption of our services, and stopped the attack from advancing," T-Mobile added. "Bad actors had no access to sensitive customer data (including calls, voicemails or texts).
"We cannot definitively identify the attacker’s identity, whether Salt Typhoon or another similar group, but we have reported our findings to the government for assessment," it concluded.