At least three American telecom providers were infiltrated by a Chinese hacker group known as “Salt Typhoon,” U.S. officials confirmed this week. The operation is now believed to be aimed at uncovering the Chinese targets of American surveillance.

The hackers, believed to be working at the behest of Beijing, accessed the networks of AT&T, Verizon, and Lumen Technologies, notably the systems used by federal authorities for court-approved eavesdropping. The federal government uses court-approved electronic surveillance, and the firms are required by law to allow the authorities to gain access to electronic information if there is a court order for such eavesdropping, NBC News reported.

“This is the most significant cyber intrusion in a decade,” Tom Kellermann, senior vice president of cyber strategy at Contrast Security, told ClearanceJobs.

“The national security implications are tremendous,” warned Kellermann. “The Chinese espionage campaign is ongoing and expanding.”

Multiple U.S. intelligence agencies, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) are now investigating the breach. The Chinese embassy in Washington, D.C. has disputed the allegations, however, and has even suggested the U.S. intelligence community (IC) has been fabricating evidence.

Cyber War Ongoing

While Beijing and Washington seem increasingly headed towards a “Cold War 2.0,” China and the U.S. are already engaged in a de facto cyber war, experts warned.

“This attack is bringing to the forefront many cyber espionage activities that have been part of ongoing digital warfare between nation-states. Similar attacks were first seen early in the Ukraine war,” explained MJ Kaufmann, cyber security instructor at O’Reilly Media.

“However, this particular incident is unique because it is the first fully visible and attributable attack between two major world powers,” Kaufmann told ClearanceJobs. “This breach could escalate tensions between the U.S. and China, affecting diplomatic relations and potentially leading to retaliatory actions in cyberspace or even through more traditional methods.”

Simply put, there are plenty of ways for hackers to access our networks, and it only takes one of those to be unsecured.

“Our telecommunications infrastructure is the gateway through which U.S. citizens access the internet, mobile apps, CTV, and gaming platforms – to shop, play, get news, and stay connected,” said Chris Olson, founder and CEO at security provider The Media Trust.

“By infiltrating these networks, threat actors have the potential to exploit vulnerable populations—senior citizens, students, government employees, workers maintaining critical infrastructure—by spreading malware, distributing disinformation, and infecting devices with backdoor attacks,” Olson told ClearanceJobs. “These tactics can be used to gather personal data, manipulate public opinion, or even undermine trust in institutional systems. The long-term consequences could erode the security of our digital ecosystem, inflict harm on American businesses, and leave our citizenry vulnerable to further attacks.”

The concern with this specific breach is whether any data that the hackers may have access to could impact national security – especially as it likely contains highly sensitive data, including secure communications between government officials and other critical national security information.

“This information may include ongoing operations and collaborations with foreign allies,” suggested Kaufmann. “It could enable adversaries to disrupt these operations, manipulate outcomes, or preemptively counter U.S. actions.”

Chinese Hackers on U.S. Radar

Cyber breaches have become all too common, but what is especially disconcerting about this latest attack is how directed it was. This may suggest a very coordinated effort on Beijing’s part.

“This is another good news/bad news story,” said Karen Walsh, CEO at Allegro Solutions and cyber security compliance expert and author.

“The bad news is that Salt Typhoon is a group that appears focused on gathering intelligence and clearly targeted systems related to capturing communications that matter to our intelligence community,” Walsh told ClearanceJobs. “If we can say that there’s ‘good news,’ it’s that the government has been watching this group and their attempts for most of 2024.”

Walsh noted that the FBI released an advisory about Salt Typhoon back in 2024, so the group has been on the IC’s radar.

“In July 2024, the US and its allies noted additional activity,” Walsh added. “At the end of September, reports that this group was targeting ISPs were already circulating, alleging that the group compromised routers.”

Though the impact of this hack may be limited, the next one could be far worse.

“The bad guys will always be ahead of us unless we change our mindsets and begin to leverage our internet and telecom infrastructure to protect people,” said Olson. “The long-term implications of this breach and others will extend far beyond immediate disruptions.”

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com. You can follow him on Twitter: @PeterSuciu.