U.S. authorities are grappling with the ramifications of a sweeping cyberattack attributed to a Chinese state-linked hacking group known as Salt Typhoon, which has infiltrated critical telecommunications networks. Federal agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Council, briefed senators in a classified meeting on Wednesday to address the breach's implications and scale.
The hack, described by officials as ongoing, has targeted dozens of telecom companies and internet service providers, compromising sensitive data, including call records, audio intercepts, and U.S. court orders. According to U.S. officials, the intrusion threatens not only private communications but also national security, with political leaders among those targeted.
Jeff Greene, executive assistant director of cybersecurity at CISA, stated, "We cannot say with certainty that the adversary has been evicted. We're tracking them down, but this remains a complex and evolving situation." Greene urged Americans to use encrypted communication methods to mitigate potential exposure.
The breach has drawn scrutiny from lawmakers, with Senate Intelligence Committee Chair Mark Warner calling it "the most serious breach in our history." Officials have emphasized that the full scope of the attack remains unclear, as Salt Typhoon's activities continue to evolve.
Hackers reportedly accessed information through vulnerabilities in telecom networks, with companies like AT&T, Verizon, and T-Mobile believed to be among the victims. The attackers also obtained legal documents through the Communications Assistance for Law Enforcement Act (CALEA), which allows intelligence agencies to collect data under court orders. While officials did not confirm if Foreign Intelligence Surveillance Act (FISA) orders were included, they acknowledged the potential severity of the breach.
Reports indicate that three groups of victims were affected: individuals whose call records were stolen, a smaller number of government-linked individuals whose communications were compromised, and those whose information was accessed from legal files. President-elect Donald Trump and Vice President-elect JD Vance were reportedly among those impacted before the election.
The breach, which U.S. agencies began investigating in late spring, has prompted international collaboration. On Tuesday, the U.S., along with Canada, Australia, and New Zealand, issued a joint alert warning of the continued targeting of global telecommunications providers. The United Kingdom, a member of the Five Eyes intelligence alliance, did not sign the alert, citing different mitigation strategies.
Chinese officials have denied the allegations, calling them disinformation. Beijing stated it "firmly opposes and combats cyberattacks and cyber theft in all forms." However, U.S. officials remain steadfast in their accusations, pointing to servers across multiple countries used to facilitate the hackers' activities.
The incident highlights the vulnerabilities in U.S. infrastructure and the increasing sophistication of state-sponsored cyberattacks. Lawmakers have called for urgent action, with Senator Mike Rounds warning, "Any one of us and every one of us today is subject to the review by the Chinese Communist government."
A Senate Commerce subcommittee plans to hold a hearing on December 11 to examine the breach further, signaling heightened concern over the issue. Greene acknowledged the challenge ahead, stating, "It would be impossible for us to predict when we'll have full eviction."