Chinese State-Sponsored "Salt Typhoon" Cyber-Espionage Targets U.S. Communications

In early September 2025, reports emerged detailing an expansive cyber-espionage campaign orchestrated by a Chinese state-sponsored group known as "Salt Typhoon." This campaign has targeted high-profile U.S. figures, including President Donald Trump and Vice President J.D. Vance, as well as ordinary American citizens. The hackers infiltrated telecommunications networks, accessing sensitive data such as private messages and call records. The FBI and other security agencies have issued advisories, highlighting the unprecedented scale of the operation and urging enhanced cybersecurity measures. The campaign underscores a strategic shift in China's digital warfare tactics, moving beyond traditional state actor targets to encompass a broader spectrum of civilian data.

Salt Typhoon is an advanced persistent threat (APT) group believed to be operated by China's Ministry of State Security (MSS). Active since at least 2019, the group has conducted high-profile cyber espionage campaigns, particularly against the United States. Their operations emphasize counterintelligence targets and the theft of key corporate intellectual property. The group has infiltrated over 200 targets in more than 80 countries.

The campaign has affected at least eight U.S. telecommunications firms, as well as dozens of other nations, and gave the attackers access to private texts and phone conversations of Americans, including senior U.S. government officials and prominent political figures. Salt Typhoon exploited vulnerabilities in network edge devices from Cisco, Ivanti, and Palo Alto Networks to gain and maintain access. By modifying router configurations, enabling persistent services, and stealing administrator credentials via TACACS+ and RADIUS traffic captures, the group ensured long-term footholds in compromised environments. The hackers accessed metadata of users' calls and text messages, including date and time stamps, source and destination IP addresses, and phone numbers from over a million users, most of whom were located in the Washington D.C. metro area. In some cases, they obtained audio recordings of telephone calls made by high-profile individuals.
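A defender-side check for the configuration changes described above, as an added example that is not from the original article: it diffs a running router configuration against a trusted baseline and flags changes to AAA servers, management services, and packet-capture definitions. The Cisco IOS-style syntax, the pattern list, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Patterns for the three behaviours the article names. Cisco IOS-style
# syntax is an assumption; adapt the patterns to each vendor's config format.
WATCH = {
    "aaa-server": re.compile(r"^\s*(tacacs|radius)[ -]server\b|^\s*address ipv4 ", re.I),
    "persistent-service": re.compile(r"^\s*ip (http|ssh|scp) ", re.I),
    "traffic-capture": re.compile(r"^\s*monitor (capture|session)\b", re.I),
}

def classify(line):
    """Return the watch label for a config line, or None if it is not watched."""
    for label, pattern in WATCH.items():
        if pattern.search(line):
            return label
    return None

def config_drift(baseline, running):
    """List (change, label, line) for watched lines that differ from the baseline."""
    old = {l.rstrip() for l in baseline.splitlines() if l.strip()}
    new = {l.rstrip() for l in running.splitlines() if l.strip()}
    findings = []
    for change, lines in (("added", new - old), ("removed", old - new)):
        for line in sorted(lines):
            label = classify(line)
            if label:
                findings.append((change, label, line.strip()))
    return findings

# Constructed sample configs (documentation-range addresses, hypothetical names).
BASELINE = """\
hostname edge-rtr-01
no ip http server
ip ssh version 2
tacacs server CORP-AAA
 address ipv4 10.10.0.5
"""
RUNNING = """\
hostname edge-rtr-01
ip http server
ip ssh version 2
tacacs server CORP-AAA
 address ipv4 198.51.100.23
monitor capture CAP1 interface GigabitEthernet0/0 both
"""

if __name__ == "__main__":
    for change, label, line in config_drift(BASELINE, RUNNING):
        print(f"{change:8} {label:20} {line}")
```

The baseline should come from a source the device itself cannot modify, such as a version-controlled configuration repository, since a compromised router can misreport its own startup configuration.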

An international coalition comprising the U.S., its "Five Eyes" intelligence allies, and several other countries publicly accused three Chinese companies—Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology—of supporting cyber espionage for Chinese intelligence agencies, including the People's Liberation Army and the Ministry of State Security. The campaign has impacted at least eight U.S. telecommunications firms, including major providers like AT&T, Verizon, and T-Mobile.

In response to the attack, the Federal Communications Commission (FCC) proposed new cybersecurity regulations for telecom providers, including mandatory risk management plans with annual compliance certifications and expanded cybersecurity requirements across all communications providers.

The campaign's reach into personal communications raises significant privacy concerns for both high-profile individuals and ordinary citizens. The infiltration of major telecom networks undermines public trust in the security of communication infrastructures. The incident exacerbates existing tensions between the U.S. and China, potentially impacting diplomatic relations and international cybersecurity policies.

While state-sponsored cyber-espionage is not new, the scale and scope of the Salt Typhoon campaign are unprecedented. Previous incidents, such as the 2015 Office of Personnel Management data breach attributed to Chinese hackers, primarily targeted government databases. In contrast, Salt Typhoon's campaign extends to private communications of a broad spectrum of individuals, indicating a strategic shift in targets and methods.

The Salt Typhoon cyber-espionage campaign represents a significant escalation in state-sponsored cyber activities, with far-reaching implications for national security, personal privacy, and international relations. A thorough understanding of the methods employed and the entities involved is crucial for developing effective countermeasures and policies to safeguard against future threats.

Tags: #cybersecurity, #china, #us, #cyberespionage, #saltTyphoon