Most Americans have been caught up in sweeping Chinese cyberattacks that have listened into private phone calls and stolen personal information since at least 2019, according to a former top FBI official.
Chinese state-sponsored hackers, known as Salt Typhoon, infiltrated routers of telecommunications companies to gain long-term access to a wide swath of networks in a “deliberate and sustained campaign,” the Cybersecurity and Infrastructure Security Agency warned last week.
Last October, reports claimed that the phones of then Republican presidential candidate Donald Trump and running mate JD Vance had been targeted, launching an FBI investigation. Now, it appears the scope of the attacks was much larger than previously understood.
“I can’t imagine any American was spared given the breadth of the campaign,” Cynthia Kaiser, a former top official in the FBI’s cyber division from 2017 until this May, told the New York Times. The Independent has contacted the agency for further information.
It wasn’t just the United States that was targeted. The hacker group also infiltrated networks in at least 80 countries, the FBI warned.
Salt Typhoon is “targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks,” confirmed a rare joint statement from two dozen government agencies around the world. The cyberattacks have been ongoing since at least 2019 but were only discovered by U.S. investigators last year.
The hacks have been linked to Chinese-based companies that “provide cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security,” according to the joint statement.
A Chinese embassy spokesperson in Washington said the U.S. had not produced “conclusive and reliable evidence” to show Salt Typhoon was connected to the Chinese government.
“China firmly opposes and combats all forms of cyber attacks and cyber crime,” Liu Pengyu told the Wall Street Journal.
Current and former American security officials are alarmed by the breadth of the attack.
“This is one of the more consequential cyber espionage breaches we have seen here in the United States,” Brett Leatherman, assistant director of the FBI’s top cyber division, told the Journal.
By infiltrating telecommunications, the hackers were able to access texts and calls, and even court-authorized network wiretapping requests. “It should really set off alarm bells for all Americans,” Leatherman said.
It’s unclear if hackers had planned on targeting ordinary Americans’ data or if that information became tangled up in the sweeping attack against dozens of countries, Kaiser told the Times.
“In many ways, Salt Typhoon marks a new chapter,” Jennifer Ewbank, former C.I.A deputy director for digital innovation, told the Times.
She noted that a decade ago, the U.S. and its allies were concerned about China stealing trade secrets, personal information and government data but now the superpower was deploying more complex techniques.
“Today, we see patient, state-backed campaigns burrowed deep into the infrastructure of more than 80 countries, characterized by a high level of technical sophistication, patience and persistence,” she added.
The data stolen through this hack “can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world,” the joint statement from two dozen government agencies warned.
Salt Typhoon gained access to data on Trump and Vance’s phones in October 2024 by infiltrating Verizon phone systems, the New York Times previously reported. The networks of AT&T, T-Mobile, and other companies were breached around the same time.
Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, called the Salt Typhoon cyberattack the “worst telecom hack in our nation’s history — by far.”
The Democratic Senator noted that the FBI had at that time identified around 150 victims whose phones had been breached — but he warned that number could quickly reach the “millions” when taking into account all the people those victims called or texted.
In May, Warner and other senators wrote a letter to Homeland Security chief Kristi Noem urging her to reestablish the Cyber Safety Review Board to ensure that law enforcement agencies, state and local governments, and businesses are able to protect themselves from ongoing cyberattacks. The Independent has asked DHS for more information.
Homeland Security disbanded the review board in January, before Noem was confirmed as secretary.
