Salt Typhoon: The Global Cyber-Espionage Campaign Exposed – Ankor Tech

Salt Typhoon, a sophisticated hacking collective attributed to China, has orchestrated one of the most expansive cyber-espionage campaigns in recent history. The group successfully breached major global telecommunications and internet providers, exfiltrating millions of call records, text messages, and audio files belonging to senior government officials.

Researchers suggest these operations are part of a broader strategic initiative by Beijing to prepare for a potential conflict with Taiwan. By exploiting vulnerabilities in Cisco routers at network edges and hijacking lawful surveillance systems—tools originally mandated for legitimate law enforcement monitoring—the attackers gained deep, persistent access to critical communications infrastructure worldwide.

The Scope of the Breach in the U.S.

In the United States, the impact has been severe. Major carriers including AT&T and Verizon were confirmed victims, along with providers such as Lumen (formerly CenturyLink), Charter Communications, and Windstream. While T-Mobile acknowledged being targeted, the company stated that customer data remained secure.

The reach extended beyond private industry:

  • Viasat: The satellite giant was compromised, granting hackers access to sensitive law enforcement monitoring tools.
  • National Guard: Reports indicate the group maintained unauthorized access to U.S. National Guard networks for nine months, potentially exposing data across every state and territory.

Due to the severity of these intrusions, the FBI has urged the public to transition to end-to-end encrypted messaging platforms to mitigate the risk of foreign eavesdropping.

North and South America

The campaign’s footprint is hemispheric. In Canada, federal authorities confirmed that top-tier telecommunications firms were breached via Cisco router exploits. Meanwhile, security firm Recorded Future identified Salt Typhoon activity targeting university infrastructure in Argentina and Mexico. Further south, Trend Micro reported evidence of the group’s operations in Brazil.

Asia, Africa, and Oceania

The group’s global reach is evidenced by a long list of targeted nations. In Asia and Africa, the hackers leveraged compromised routers to infiltrate providers such as Mytel in Myanmar and various telecom entities in South Africa. Academic networks across Bangladesh, Indonesia, Malaysia, and Thailand have also been identified as targets.

The Australian and New Zealand governments have issued formal warnings, noting that Salt Typhoon activity has touched sectors ranging from transportation and lodging to military infrastructure. Additional compromises have been reported in Taiwan, the Philippines, India, and Eswatini.

European Operations

Europe has not been spared from this wave of espionage. The United Kingdom confirmed a cluster of malicious activity, with reports suggesting that high-level government staff may have had their communications intercepted.

Other notable European incidents include:

  • Norway: Several organizations confirmed as victims.
  • Netherlands: Multiple internet providers and web hosts were targeted, though internal networks reportedly remained intact.
  • Italy, Finland, and Poland: Cybersecurity agencies in these nations have identified and tracked incidents linked to the Salt Typhoon campaign.
