A sophisticated cyber espionage campaign, attributed to the China-backed hacking group known as Salt Typhoon, has successfully breached over 200 U.S. companies across 80 countries. This large-scale operation, according to the FBI, targeted critical infrastructure, including major telecom providers like AT&T, Verizon, and T-Mobile. The hackers reportedly gained access by exploiting vulnerabilities in old, unpatched routers, allowing them to establish a persistent presence within the companies’ networks. Once inside, they were able to steal sensitive information, including call records, wiretap data, and classified government information.

The breach highlights a critical weakness in global cybersecurity, particularly the widespread use of outdated networking equipment. Salt Typhoon’s tactics are described as “living off the land”: the group uses legitimate network tools and built-in administrative functions to move laterally and avoid detection. Its success in this campaign demonstrates a high level of sophistication and a clear strategic objective: intelligence collection. The FBI and other international cybersecurity agencies have issued warnings urging companies to prioritize patching known vulnerabilities in their network devices, such as those found in Cisco IOS XE and Ivanti Connect Secure.

Reports indicate that Salt Typhoon’s activities align with China’s Ministry of State Security (MSS), the country’s foreign intelligence and secret police agency. The involvement of three Chinese firms in the operation further blurs the line between state-sponsored hacking and private enterprise. This type of corporate-state partnership allows for a more distributed and harder-to-trace cyber espionage effort, in which seemingly legitimate businesses serve as fronts for intelligence collection. The Chinese embassy has denied all allegations, calling them “unfounded and irresponsible smears.”

The attack poses a significant national security threat. By compromising telecommunications systems, the hackers accessed not only private user data but also the systems used for lawful interception by U.S. law enforcement and intelligence agencies. This allowed them to monitor the sensitive communications of high-value targets, including government officials and military personnel. The group’s long-term presence within these networks means the full extent of the data theft may not be known for some time, and the potential for future disruption remains.

While some of the affected companies have publicly stated that they have ejected the hackers from their networks, officials and experts remain cautious. Salt Typhoon has demonstrated a pattern of re-entry and persistence, using modified router configurations and other stealthy tactics to maintain access. The incident serves as a stark reminder that even the largest and most seemingly secure organizations are vulnerable if they fail to maintain their digital defenses. Without a concerted effort to address these fundamental security flaws, it is likely that Salt Typhoon, or similar state-backed groups, will continue to exploit these weaknesses for espionage.
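Persistence through modified router configurations is only stealthy if nobody is comparing the running configuration against a trusted copy. The script below is an added example, not code from the article or from any of the affected companies: it diffs a baseline configuration snapshot against a fresh capture and escalates changes to high-risk statements (local users, ACL permits, VTY access controls, static routes, tunnel interfaces). Both configurations, the hostname, the addresses and the `HIGH_RISK_PREFIXES` list are constructed for this example; in practice the baseline lives off-device and the capture is pulled over a management channel on a schedule.

```python
"""
Router configuration drift check (added example, constructed data).

Compares a trusted baseline of a device's running configuration with a fresh
capture and reports every added or removed statement, escalating the ones a
defender would want paged on (new users, loosened ACLs, changed VTY access).
"""
from difflib import unified_diff

# Constructed sample: the configuration as captured at the last audit.
BASELINE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$PLACEHOLDER
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""

# Constructed sample: a later capture with an extra local user and a widened
# management ACL, the kind of quiet change that keeps a foothold alive.
CURRENT_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$PLACEHOLDER
username svc-backup privilege 15 secret 9 $9$PLACEHOLDER2
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp 203.0.113.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""

# Statement prefixes whose change should be escalated, not just logged.
# Assumed list for this example; tune it to the platform and your policy.
HIGH_RISK_PREFIXES = (
    "username", "permit", "access-class", "transport input",
    "ip route", "interface Tunnel",
)


def normalize(config):
    """Drop blank lines and trailing whitespace so cosmetic edits are not reported."""
    return [line.rstrip() for line in config.splitlines() if line.strip()]


def config_drift(baseline, current):
    """Return [(change, line)] where change is '+' for added and '-' for removed."""
    # n=0: no context lines, so every emitted body line is an actual change.
    diff = unified_diff(normalize(baseline), normalize(current), lineterm="", n=0)
    changes = []
    for line in diff:
        if line.startswith(("---", "+++", "@@")):
            continue  # file headers and hunk markers
        if line[0] in "+-":
            changes.append((line[0], line[1:]))
    return changes


def classify(changes):
    """Split drift into (high_risk, informational) lists by statement prefix."""
    high, info = [], []
    for change, text in changes:
        bucket = high if text.strip().startswith(HIGH_RISK_PREFIXES) else info
        bucket.append((change, text))
    return high, info


if __name__ == "__main__":
    high, info = classify(config_drift(BASELINE_CONFIG, CURRENT_CONFIG))
    for change, text in high:
        print(f"HIGH  {change} {text}")
    for change, text in info:
        print(f"info  {change} {text}")
    if high:
        print(f"{len(high)} high-risk configuration change(s); open an incident.")
```

Run against the constructed samples it flags two high-risk additions: the new privilege-15 user and the ACL entry that admits a new address range to SSH. The value of the check comes from where the baseline is kept: a copy stored on the device itself can be edited by the same intruder who edited the configuration.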
