The US Federal Bureau of Investigation announced a $10 million reward for information leading to the identification or disruption of Salt Typhoon, a state-sponsored Chinese hacking group responsible for a widespread cyber-espionage campaign against US telecommunications providers and the US Treasury.
In a public statement, the FBI said it is especially seeking intelligence that could help unmask the individuals behind the group or shed light on the inner workings of its operations targeting the telecom sector.
“Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these networks to target victims on a global scale,” the agency said.
Salt Typhoon, also known in cybersecurity circles as GhostEmperor and FamousSparrow, has been identified as a Chinese government-backed Advanced Persistent Threat (APT) group. The group made headlines in September 2024, after US authorities revealed it had breached the commercial telecom infrastructure of major providers, including Verizon, AT&T, T-Mobile, and Lumen Technologies.
The FBI confirmed that the group accessed sensitive data, including call logs, a limited number of private communications, and information tied to law enforcement requests some of it protected by court orders.
The hackers reportedly targeted phone records belonging to then-President-elect Donald Trump and his running mate, Ohio Senator JD Vance, as well as members of Kamala Harris's campaign team in the months leading up to the 2024 presidential election.
Authorities warn that the scope of the breach is still not fully known. According to the FBI, PRC-linked actors “had been lurking in several telecom providers for an undetermined amount of time — and likely still remain.” The group is said to employ advanced anti-forensic techniques that allow them to remain undetected for extended periods.
In February, Salt Typhoon was also linked to a separate intrusion into the US Treasury Department, where hackers reportedly gained access to laptops belonging to senior officials. The attacks are believed to be part of a broader campaign to infiltrate US critical infrastructure.
The US State Department is also participating in the effort, offering its own $10 million reward for information about foreign-sponsored cyber actors targeting American infrastructure.
