The satellite broadband provider has confirmed a breach linked to China-backed hackers but says no customer data was compromised.
What happened
Viasat, a US-based satellite communications company, has confirmed it was breached by Salt Typhoon, a China-linked state-sponsored hacking group known for targeting global telecom infrastructure. The breach was discovered earlier in 2025 and involved unauthorized access through a compromised device. Viasat reported the incident to federal authorities and stated that, after a full investigation, there was no evidence of customer data being affected.
Salt Typhoon has a history of infiltrating telecom networks in the U.S. and abroad. Viasat is the latest in a growing list of affected companies, which includes AT&T, Verizon, Charter Communications, and others.
Going deeper
Viasat provides satellite broadband services to high-stakes clients across government, aviation, maritime, military, and commercial sectors. While Viasat disclosed the breach to shareholders and is cooperating with U.S. authorities, the company did not release details due to the sensitive nature of the investigation. It stated that the breach has been contained and no recent malicious activity has been observed.
This is not the first time Viasat has been targeted. In February 2022, Russian hackers used a wiper malware attack against Viasat’s KA-SAT network, disrupting service for thousands in Ukraine and Europe just before the invasion of Ukraine. That incident also disabled modems managing thousands of wind turbines in Germany.
Salt Typhoon’s broader campaign involves exploiting unpatched Cisco IOS XE devices to gain access to telecom networks. In several cases, they reportedly accessed US law enforcement wiretap systems and communications of select government officials. As of June 2025, other potential victims include Comcast and Digital Realty.
What was said
A Viasat spokesperson told BleepingComputer, “No evidence was found to suggest any impact to customers.” The company also noted that its investigation involved coordination with government partners, and further public comment would be limited due to the sensitivity of the data involved.
The FBI, NSA, and CISA previously confirmed Salt Typhoon’s extensive campaigns targeting global telecom providers. The group has been active since at least 2019 and continues to exploit network hardware vulnerabilities to gain long-term access to sensitive infrastructure.
FAQs
What is Salt Typhoon, and why are they targeting telecom companies?
Salt Typhoon is a China-linked threat group engaged in long-term espionage campaigns. Telecoms are strategic targets due to their access to communications data, infrastructure, and in some cases, law enforcement systems.
How do attackers typically gain access in these breaches?
Salt Typhoon exploits known vulnerabilities in network devices, especially unpatched Cisco IOS XE software, to establish footholds and move laterally across telecom environments.
What is the significance of targeting satellite broadband providers like Viasat?
Satellite providers often serve defense, government, and infrastructure sectors. Compromising them can give attackers insight into military communications, energy systems, and global connectivity nodes.
How do state-sponsored breaches differ from typical cyberattacks?
State-sponsored breaches are often stealthier, longer-term, and more strategically motivated. The goal is not financial theft, but intelligence gathering and infrastructure access.
What steps can telecoms take to protect against groups like Salt Typhoon?
Regular patching of hardware/software, threat hunting, network segmentation, and close cooperation with national cybersecurity agencies are needed to detect and prevent sophisticated state-linked intrusions.
Farah Amod
