According to U.S. officials, a Chinese hacker group known as “Salt Typhoon” has infiltrated the networks of at least three major U.S. telecommunications providers in a significant cybersecurity breach. This audacious espionage operation is believed to be aimed at uncovering the Chinese targets of American surveillance.
The Federal Bureau of Investigation (FBI), U.S. intelligence agencies, and the Department of Homeland Security are currently investigating the breach, which remains in its early stages.
Officials who requested anonymity due to the sensitivity of the matter said the full extent of the compromises and their potential impact is not yet fully understood.
President Joe Biden has been briefed on the situation, although spokespeople for the involved agencies have declined to comment publicly.
Breach Details
The compromised companies include Verizon, AT&T, and Lumen Technologies—three of the largest internet service providers in the United States. However, officials suggest that the list of affected companies may be longer, as hackers have reportedly been embedded in these systems for several months.
A key target appears to be information related to lawful federal wiretapping requests. There are indications that hackers accessed broader internet traffic within these networks, raising concerns about potential exposure of sensitive data.
U.S. officials suspect that China’s Ministry of State Security (MSS) is behind the breach, with involvement from a hacking group known as Salt Typhoon. Microsoft has been monitoring this group’s activities, though no official attribution has been made yet.
“This has all the hallmarks of an espionage campaign—one with potentially deep access to the most important communication companies in the country,” said Brandon Wales, former executive director at DHS’s Cybersecurity and Infrastructure Security Agency.
The Chinese Embassy in Washington has disputed these allegations, accusing U.S. intelligence and cybersecurity firms of fabricating evidence to justify increased funding and government contracts. “In fact, China is one of the main victims of cyberattacks,” said embassy spokesman Liu Pengyu.
According to the WSJ report, if confirmed, this breach could provide China with critical insights into U.S. intelligence operations and targets. Such access would allow it to undermine or manipulate U.S. intelligence efforts.
China has a history of targeting Western democracies through cyber espionage, including industrial and technological thefts and attempts to influence political landscapes. Past operations like Operation Aurora have similarly targeted U.S. companies for sensitive data.
Ongoing Investigations
Verizon has reportedly set up a “war room” in Ashburn, Virginia, involving personnel from the FBI, Microsoft, and Google’s Mandiant security division to address the breach. Hackers allegedly exfiltrated data by reconfiguring Cisco routers within Verizon’s networks—a move highlighting both their sophistication and potential security lapses within Verizon.
This operation is distinct from previous breaches attributed to another Chinese group dubbed Volt Typhoon by Microsoft. While both involve critical infrastructure targets in the U.S., there is no evidence suggesting coordination between these campaigns.
As investigations continue, officials emphasize that understanding the full scope and impact of these breaches will require more time and analysis.