A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.

Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said. 

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said. 

Spokesmen for AT&T, Verizon and Lumen declined to comment on the Salt Typhoon campaign.

Companies are generally required to disclose material cyber intrusions to securities regulators within a short time, but in rare cases, federal authorities can grant them an exemption from doing so on national security grounds.

Verizon is among the companies whose networks were breached by a recently discovered intrusion. Photo: Michael Dwyer/Associated Press

The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.

The attack and its significance was discovered in recent weeks and remains under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it, the people said.

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. 

A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome.

Senior U.S. officials have for years warned about the economic and national security implications of China's multipronged spying operations, which can take the form of human espionage, business investments and high-powered hacking operations.

More recently officials have been alarmed by alleged efforts by Chinese intelligence officers to burrow into vulnerable U.S. critical infrastructure networks, such as water-treatment facilities, power stations and airports. They say the efforts appear to be an attempt by hackers to position themselves in such a way that they could activate disruptive cyberattacks in the event of a major conflict with the U.S.

The Salt Typhoon campaign adds another piece to the puzzle. 

Investigators are still probing the origins of the Salt Typhoon attack and are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, The Wall Street Journal previously reported. A Cisco spokeswoman said earlier that the company is looking into the matter but has received no indication that Cisco routers were involved. The spokeswoman didn't immediately respond to a request for comment Friday.