- CISA has published a notice for US government communications.
- Government Officials Encouraged to Lock Their Devices
- This follows the discovery that foreign actors have breached US telecommunications networks.
CISA has urged “highly targeted” individuals in the US government or in senior political positions to immediately review and implement strict security measures with their mobile devices.
This comes after several major US telecommunications companies were hit by security breaches in early 2024, likely originating from state-sponsored Chinese hackers.
Recent reports also confirmed that the group behind the attack, Salt Typhoon, has not yet been completely eradicated and is still lurking within American telecommunications networks.
Lock mode
As part of its advisory, CISA also published a best practices guide for mobile communications, which includes instructions on using end-to-end encryption, password managers, Fast Identity Online (a phishing-resistance authentication), and tips on how to migrate away from SMS-based multi-factor authentication.
CISA recommends iPhone users turn on ‘lockdown mode’, which strictly limits certain apps and makes many features unavailable to reduce the attack surface that attackers could exploit.
The scale of this attack makes it a serious concern for any high-ranking official, and major networks like Verizon, AT&T, and Lumen Technologies have been found to have threat actors with access inside their systems.
“Highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and Internet services are at risk of being intercepted or manipulated,” CISA said.
Communications remain an attractive target for foreign actors, as breaches can lead to significant disruptions and loss of sensitive data.
US communications in particular have been attacked this year, especially against government and political targets in the run-up to last month’s US election. A ‘hack and leak’ campaign hit President-elect Donald Trump during the election campaign in an attempt to compromise the campaign, resulting in two indictments against the suspected individuals.
Through registration
