How Chinese "Salt Typhoon" hackers caused world's worst telecom security breach

The Salt Typhoon campaign, a cyberattack linked to a Chinese hacking group, has sent shockwaves through Western security communities as it managed to severely compromise the U.S. telecommunications network. Having been labeled the most significant telecom hack in world history, the attack has triggered urgent warnings from American officials in recent months as it threatens U.S. national security.

First revealed in September 2023, the group infiltrated major American telecommunications networks, including AT&T, Verizon, and T-Mobile. According to an article by the Foreign Policy journal, the Chinese hackers not only gained access to the mobile phones of prominent US individuals, including President-elect Donald Trump and his Vice President, J.D. Vance, but managed to also compromise metadata of over a million American civilians. 

The attack highlights the growing sophistication of Chinese cyber operations, with objectives beyond espionage, potentially to create systemic chaos during conflicts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged high-value targets to adopt stringent communication practices, such as using encrypted messaging apps and avoiding SMS-based login verifications. However, the scale of the hack extends beyond the U.S., with allied nations also affected. 

On December 3, 2024 cybersecurity agencies from the U.S., Canada, Australia, New Zealand, and the United Kingdom issued joint guidance to address the Salt Typhoon breach. Their report, titled Enhanced Visibility and Hardening Guidance for Communications Infrastructure, outlined recommended practices for organisations to mitigate the impact of this and future attacks, as the Business Standard reported. Specific measures to secure targeted Cisco products were included.

Software giant Microsoft announced back in May 2023 their discovery that a group it called Volt Typhoon had burrowed into critical American infrastructure networks including water and transportation across the country as well as in the U.S. overseas territory of Guam, where key  military bases are stationed. 

U.S. Senator Mark Warner, chair of the Senate Intelligence Committee, described the incident by comparing it to prior Russian cyber intrusions, stating that they "paled in comparison" to this incident, likening previous attacks as "child’s play". American media outlets reported as late as in December 2024 that the vast majority of people whose call records have been stolen by Chinese hackers have still not been notified by the U.S. government. 

This breach is part of a broader pattern of Chinese cyber activities targeting critical infrastructure. Earlier attacks by Chinese groups, such as Volt Typhoon and Flax Typhoon, demonstrated a similar focus on disrupting essential systems, from transportation to water supplies. Together, these operations signal an alarming escalation in China's cyber capabilities and intentions. Experts warn of long-term consequences, including hidden backdoors in telecommunications infrastructure that could facilitate further incursions.

The Biden administration has responded by considering bans on Chinese technology companies like China Telecom and TP-Link and securing $3 billion to replace Chinese equipment in U.S. telecom networks. However, these measures are seen as insufficient given the scale and severity of the attack. Incoming President Trump is expected to maintain a tough stance on China, potentially amplifying efforts to curb its cyber influence. Still, questions remain about whether the new administration will match Biden’s focus on cybersecurity.

US experts emphasize the urgent need for offensive cyber strategies to counter China and other adversaries, such as Russia and Iran. Yet, a balance must be struck to avoid revealing vulnerabilities. The private sector’s dominant role in national cybersecurity poses additional challenges, as deregulation under a Trump administration could weaken the nation’s defensive posture.

China denies any involvement in the campaign, asserting that it too is a frequent victim of cyberattacks. In any case, the Salt Typhoon revelations underscore the global implications of cyberwarfare and the vulnerabilities of interconnected systems. U.S. officials recognize the need for long-term vigilance and robust countermeasures to address this ongoing threat.

The Salt Typhoon campaign represents a critical juncture in the U.S.-China technological and cybersecurity competition. Its ramifications extend beyond immediate security concerns, raising urgent questions about the future of cyber defense, private sector involvement, and international relations in an increasingly digitized world.

By Nazrin Sadigova