Quote: "As reported by multiple sources, these PRC-backed threat actors associated with Salt Typhoon did in fact exploit an intentional backdoor in these ISP’s systems [edited: AT&T, Verizon, and Lumen] that had been put in place to comply with the Communications Assistance for Law Enforcement Act (CALEA). These backdoors were intended to provide law enforcement with a technical means of executing legal wiretapping per warrants and subject to legal requirements. What Salt Typhoon was able to access represents a potentially serious compromise of the privacy of US citizens and carries significant national security implications."
Yeah I was going to say that "Achilles Heel" makes it sound like it was a previously unknown vulnerability. This is really an intentional access point into the infrastructure that didn't have mitigations in place (or an actual unknown vulnerability) that was used to gain access.
