Guided by Australia’s tip, American intelligence agencies confirmed a similar attack from China using Huawei equipment located in the U.S.
The incident substantiated suspicions in both countries that China used Huawei equipment as a conduit for espionage, and it has remained a core part of a case they’ve built against the Chinese company, even as the breach’s existence has never been made public, the former officials said.
The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said.
The breach and subsequent intelligence sharing was confirmed by nearly two dozen former national security officials who received briefings about the matter from Australian and U.S. agencies from 2012 to 2019.
Ultimately, Australia’s intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems.
Now a Bloomberg News investigation has found a key piece of evidence underpinning the U.S. efforts — a previously unreported breach that occurred halfway around the world nearly a decade ago. At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company.
The episode helps clarify previously opaque security concerns driving a battle over who will build 5G networks, which promise to bring faster internet connectivity to billions of people around the globe.
The U.S. government has warned for years that products from China’s Huawei Technologies Co., the world’s biggest maker of telecommunications equipment, pose a national security risk for any countries that use them. But the U.S., Australia, Sweden and the U.K. have all banned Huawei from their 5G networks, and about 60 countries signed on to a U.S. Department of State program where they’ve committed to avoiding Chinese equipment for their telecommunications systems.