US telecommunications companies are still working to root out state-sponsored Chinese hackers, known collectively as ‘Salt Typhoon,’ who infiltrated telecom networks in a spying campaign that started several months ago. US officials confirmed that the cyber espionage group has collected intelligence by compromising multiple telecom providers, with targets ranging from prominent government figures to select private individuals.
Among the hackers’ high-profile targets were phones belonging to President-elect Donald Trump and Vice President-elect JD Vance. Additionally, the attackers monitored communications from what the FBI described as a “limited number” of individuals in government and politics. The full scope of the breach remains unclear due to the varied methods Salt Typhoon used to infiltrate these networks and the broad range of their objectives.
Initial media reports suggested the hackers were focused on exploiting the Communications Assistance to Law Enforcement Act (CALEA), a legal framework enabling law enforcement wiretaps. However, officials clarified that CALEA was just one of several systems targeted.
Salt Typhoon reportedly harvested large amounts of metadata from phone calls and text messages, sweeping up information on call times, durations, and contacts. For a smaller subset of individuals, including US government officials, the group extracted content from calls and text messages.
Cybersecurity agencies from the Five Eyes alliance, comprising the US, UK, Canada, Australia, and New Zealand, released joint guidance on countering Chinese advanced persistent threats (APTs) targeting telecom networks.
The guidance provides best practices for network engineers and security teams, emphasizing enhanced visibility, better defense mechanisms for network devices, and strategic hardening of infrastructure against intrusions.