In a joint statement from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), United States officials have disclosed the details of a broad cyber espionage campaign by Chinese state-sponsored actors targeting U.S. telecommunications infrastructure.
The China-backed hackers, identified as the Salt Typhoon group, have reportedly accessed customer call data, law enforcement records, and private communications of U.S. officials and politically active individuals through prolonged breaches in multiple telecom companies.
According to the FBI and CISA, Salt Typhoon infiltrated major U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies. The breach granted these hackers access to sensitive communications and call records, focusing mainly on government officials and politically involved individuals. "We have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data," CISA and the FBI explained in the joint release.
The compromised data also included information acquired by U.S. law enforcement under court orders, which the hackers potentially used to gain insight into U.S. counterintelligence targets. The agencies added that "PRC-affiliated actors… [stole] certain information that was subject to U.S. law enforcement requests pursuant to court orders." These activities underscore China's ongoing efforts to access and manipulate U.S. government and private-sector communications systems.
According to officials, Salt Typhoon maintained access for "months or longer," allowing the group to monitor extensive network traffic and intercept private communications at scale. The espionage campaign comes amid growing concerns over Chinese cyber activities targeting critical infrastructure globally. U.S. officials believe that Salt Typhoon's main objectives are to gather intelligence on government-related communications and to track PRC surveillance efforts within the U.S.
The same group has also reportedly launched related attacks on Canadian federal institutions. Canadian authorities revealed that China-backed hackers conducted network scans across Canadian government departments, political parties, and critical infrastructure, illustrating the campaign's broad geopolitical scope.
The FBI and CISA are working with telecommunications providers to bolster cyber defenses and protect the sector from further breaches. A CISA spokesperson urged affected organizations to report suspected incidents and contact CISA or local FBI offices for assistance. Both agencies coordinate efforts under the recently established Cyber Unified Coordination Group (Cyber UCG) to share insights and strengthen U.S. defenses.
This recent disclosure underscores the continuing cybersecurity threat China poses to U.S. critical infrastructure. Salt Typhoon joins a series of PRC-linked groups, including Volt Typhoon and Flax Typhoon, that have targeted the U.S. with cyber campaigns. As the FBI and CISA continue their investigation, further details are expected. Still, the case already emphasizes the need for vigilant monitoring and a resilient cybersecurity strategy across sectors supporting sensitive communications and national security.
Follow SecureWorld News for more stories related to cybersecurity.