The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent guidance for government and political officials to adopt end-to-end encrypted messaging applications following widespread telecom breaches across multiple countries, including eight U.S. carriers.
The breaches, attributed to the Chinese-backed threat group Salt Typhoon (also known as Ghost Emperor), affected major telecommunications providers including T-Mobile, AT&T, Verizon, and Lumen Technologies. The group, active since 2019, maintained unauthorized access for extended periods.
Key Security Recommendations:
1. Messaging Security:
– Immediate adoption of end-to-end encrypted messaging apps, specifically Signal
– Compatible across iOS, Android, macOS, Windows, and Linux platforms
2. Authentication Measures:
– Implementation of FIDO phishing-resistant multifactor authentication (MFA)
– Use of hardware-based security keys (Yubico or Google Titan)
– Avoidance of SMS-based MFA
3. Additional Protection:
– Enable Google’s Advanced Protection or Apple’s Lockdown Mode
– Set a telco PIN to prevent unauthorized number porting and SIM swaps
– Regular software updates
– Use of current hardware with the latest security features
– Avoid commercial VPNs
CISA emphasizes that highly targeted individuals should consider all mobile communications at risk of interception or manipulation, including both government and personal devices. The agency strongly recommends immediate implementation of these security measures to protect sensitive communications.