Federal authorities have called on telecommunications companies to enhance their network security following a sweeping cyberespionage campaign attributed to Chinese hackers, which granted Beijing access to the private communications of an unknown number of Americans.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued detailed guidelines on Tuesday aimed at identifying the hackers and preventing future breaches. However, officials acknowledged that the full extent of the intrusion and whether Chinese hackers still have access to U.S. networks remains unclear.
The advisory, issued in partnership with security agencies in New Zealand, Australia, and Canada—members of the Five Eyes intelligence alliance highlights the global scope of the operation. Dubbed “Salt Typhoon” by analysts, the campaign surfaced earlier this year as hackers targeted networks of multiple telecommunications companies.
Using their access, the hackers collected metadata on a vast number of customers, such as call times, dates, and recipients. For a smaller number of victims, they intercepted the actual content of calls and text messages. The FBI has contacted those directly affected, many of whom are linked to government or politics, but it is up to telecom companies to notify the broader group of affected customers.
The campaign’s full scale remains unknown, but investigators believe the hackers sought to infiltrate the telecommunications system deeply, gaining broad access to Americans’ data. Some of the targeted information pertained to U.S. law enforcement investigations and court orders, raising concerns that the hackers may have attempted to access programs under the Foreign Intelligence Surveillance Act (FISA).
However, officials suggested the hackers had wider motives, aiming to exploit critical infrastructure for intelligence gathering.
The technical guidance issued to telecom companies emphasizes encryption, centralization, and constant monitoring to thwart cyber intrusions. If implemented, these measures could help disrupt operations like Salt Typhoon and deter future attacks.
“We don’t have any illusion that once we kick off these actors they’re not going to come back,” said Jeff Greene, CISA’s executive assistant director for cybersecurity.
Salt Typhoon is the latest in a series of high-profile cyber incidents attributed to China. In September, the FBI revealed it had dismantled a Chinese botnet involving malicious software on over 200,000 devices, including home routers and cameras. The infected devices were used for further cybercrimes.
In October, officials disclosed that Chinese hackers targeted the phones of political figures, including then-presidential candidate Donald Trump, his running mate Senator J.D. Vance, and individuals linked to Vice President Kamala Harris.
China has consistently denied allegations of cyberespionage against the U.S. On Tuesday, Liu Pengyu, a spokesperson for China’s embassy in Washington, dismissed the accusations as “disinformation,” asserting that China opposes cyberattacks and accusing the U.S. of engaging in such activities.
The escalating cyber tensions underline the growing threat of state-sponsored hacking and the urgent need for stronger defenses in critical infrastructure.