Viasat Inc. is the latest US communications company identified as a victim of the sweeping surveillance hack blamed on the Chinese government that emerged during last year’s presidential campaign, according to people familiar with the matter.
The breach of the California-headquartered satellite and wireless networking company was discovered earlier this year and Viasat has been working with the government in the aftermath, some of the people said. Verizon Communications Inc., AT&T Inc. and Lumen Technologies were previously identified as being hit by the attack.
The surveillance campaign, run by a group that Microsoft Corp. dubbed “Salt Typhoon,” was one of the broadest and most sophisticated hacks carried out by Chinese state-affiliated attackers, US officials say. It swept up tens of millions of phone records, including those of then-presidential candidate Donald Trump and members of both campaigns.
“Viasat and its independent third-party cybersecurity partner investigated a report of unauthorized access through a compromised device,” the company said in a statement. “Upon completing a thorough investigation, no evidence was found to suggest any impact to customers.”
It did not address any impact on its networks but in a follow-up statement said additional information on the government’s investigation was too sensitive to share publicly.
“Viasat believes that the incident has been remediated and has not detected any recent activity related to this event,” the company said.
The Federal Bureau of Investigation has been working with targeted companies. Brett Leatherman, the new head of the FBI’s cyber division, declined to comment on the identity of the hack’s victims, including Viasat, when asked in a recent interview.
But he said the operation enabled hackers to gain access to tools used by US law enforcement to monitor and surveil persons of interest, as well as to collect call records and compromise the communications of people in government and politics.
Viasat provides in-flight internet for commercial jets and communications support “across air, land, and sea” for governments around the world, according to its website. It also reported having about 257,000 home internet subscribers last summer, and competes with the likes of SpaceX’s Starlink and EchoStar’s Boost Mobile to provide direct-to-cellular mobile service.
‘Direct Involvement’
Viasat was previously hit by a cyberattack about an hour before Russia invaded Ukraine in February 2022. The primary target was thought to be the Ukrainian military, the UK’s National Cyber Security Centre said at the time, but thousands of customers in Ukraine and elsewhere in Europe were affected by the outage. Months later, the US joined the UK and other European allies to accuse Russia of being behind the operation.
Beijing has repeatedly denied US allegations of its involvement in Salt Typhoon, which was first reported by The Wall Street Journal last year. In January, the US sanctioned a Chinese firm accused of “direct involvement” in the infiltrations along with the country’s Ministry of State Security.
After months of investigation to establish targets and track the numbers that were spied on, the FBI says it now has firmer estimates of how many people were impacted since they began investigating: some 100 million records belonging to 1.3 million users, mostly in the Washington, DC area.
Much of the Salt Typhoon activity they discover is ‘historical’ in nature, Leatherman said in his first interview since taking on the role. The actors appear to have gone dormant since the revelations.
“Just because we don’t see it every day, doesn’t mean it’s not there,” he said.
Leatherman said the FBI also continues to see an international nexus to the activity.
“Since we opened this investigation last year, we have been very engaged with our Five Eyes partners and our partners abroad, Europe in particular,” he said, referring to the intelligence partnership the US has with the UK, Australia, Canada and New Zealand.
‘Every Field Office’
Leatherman also said there’s been “no reduction in resources” to the FBI’s cyber division, even after the agency saw several high-profile departures in recent weeks, including its most senior cyber officials. “We still have cyber task forces in every field office,” he said.
Elsewhere in government, the absence of cyber officials is glaring and could prove problematic in probes into any future widespread hacks.
Top personnel at the National Security Agency were fired in April and have yet to be formally replaced, and there are delays in the confirmation of people to lead the Office of the National Cyber Director and the Cybersecurity Infrastructure Security Agency, the government’s cyber agency.
The Cyber Safety Review Board, which was probing the Salt Typhoon hack, was dissolved soon after Inauguration Day. It’s unclear whether the board will re-form or what the status of the investigation is. The Department of Homeland Security did not respond to a request for comment.
At the FBI, Leatherman said FBI Director Kash Patel has made countering the Chinese Communist Party a top priority.
Hacks such as the one by Salt Typhoon are “deliberate campaigns with geopolitical consequences, especially when you look at them in the aggregate,” he said. “They can take this data and put it together and come up with a better intelligence picture, which is what the CCP wants.”
Photo: Photographer: Al Drago/Bloomberg