Unveiling the 2023 Chinese Hack on US Telecommunications: A Closer Look at the Demodex Malware Breach

A recent investigation by corporate investigators revealed that Chinese hackers had infiltrated an American telecommunications company in the summer of 2023, much earlier than previously known. The hackers, believed to be state-backed Chinese groups, planted malware on the company's systems for seven months. The specific company affected was not disclosed, but the breach raises concerns about the vulnerability of the US communications industry.
The intrusion in 2023 occurred before the US government and cybersecurity firms detected signs of Chinese hackers targeting major phone and wireless companies in the country. The subsequent breaches, attributed to a Chinese hacking group called Salt Typhoon, targeted several US telecommunications firms, including AT&T Inc. and Verizon Communications Inc., compromising personal data and targeting high-profile individuals.
The discovery of the 2023 breach came during the response to the Salt Typhoon hacks, following a tip from US intelligence agencies. The malware used in the attack, known as Demodex, is a sophisticated rootkit that provides deep access to infected machines. Demodex has been linked to Chinese hacking groups targeting telecommunications companies in Southeast Asia and has been used in previous attacks.
The malware was developed by individuals associated with the Chinese Ministry of State Security, according to cybersecurity experts. In the case of the 2023 breach, the hackers gained access to the company's IT administrators' computers and remained undetected until early 2024. The malware was designed to evade detection and disable security programs temporarily to conceal its activities.
The report on the breach identified the affected company as having ties to the defense, travel, and logistics industries. The exact extent of the hackers' actions within the compromised systems remains unclear due to the stealthy nature of the Demodex malware. Microsoft's security program, Defender, was temporarily disabled by the malware to avoid detection and facilitate future malicious activities.
The Chinese government has denied allegations of cyberattacks and emphasized the challenges of attributing hacks to specific actors. The ongoing cybersecurity threats highlight the need for increased vigilance and collaboration between government agencies and private companies to safeguard critical infrastructure and sensitive data.