Chinese hackers breached more U.S. telecom companies

Chinese state-sponsored hackers, Salt Typhoon, have ramped up cyberattacks on U.S. telecom companies, compromising sensitive communications and raising national security concerns.

 

What happened

Chinese state-backed hackers, tracked as Salt Typhoon, have expanded their breach campaign by targeting additional U.S. telecommunications firms. Over the weekend, sources confirmed that Charter Communications, Consolidated Communications, and Windstream were also compromised in the ongoing cyberattacks.

This wave of breaches follows recent confirmations from AT&T, Verizon, and Lumen that they removed Salt Typhoon hackers from their networks. The group accessed sensitive information, including text messages, voicemails, phone calls, and wiretap data related to U.S. law enforcement investigations.

T-Mobile previously disclosed an attempted breach in November, in which attackers compromised some routers. However, T-Mobile’s Chief Security Officer, Jeff Simon, did not attribute that incident to Salt Typhoon, stating that the company’s defenses successfully stopped the attack.

 

Going deeper

Salt Typhoon has been implicated in breaches across at least nine U.S. telecom companies, with reports suggesting that they’ve infiltrated telecom systems in dozens of countries. The group’s ability to gain deep access to telecom infrastructure poses risks to both individuals and national security, especially since they accessed communications from targeted individuals and law enforcement agencies.

Despite the severity of these breaches, companies like Windstream, Charter, and Consolidated Communications have declined to comment on the matter. It remains unclear whether these firms are part of the previously reported nine U.S. carriers breached by Salt Typhoon or if they add to the growing list.

The breaches have led U.S. authorities to take swift action. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that government officials switch to end-to-end encrypted messaging apps, such as Signal, to prevent communication interception. Additionally, CISA issued guidance for telecom providers to enhance their cybersecurity defenses against these advanced persistent threats.

 

What was said

In a press briefing, the White House’s deputy national security adviser for cyber and emerging technologies, Anne Neuberger, confirmed that Salt Typhoon has compromised telecom companies in multiple countries. Given the scope of these breaches, she indicated the need for heightened security measures across the telecom sector.

U.S. Senator Ron Wyden of Oregon announced a new legislative proposal aimed at securing American telecom infrastructure. The Federal Communications Commission (FCC) is also stepping up its regulatory efforts. Chairwoman Jessica Rosenworcel stated that the agency is acting “urgently” to require telecom providers to improve their cybersecurity defenses.

 

The big picture

These breaches spotlight a growing national security challenge as state-sponsored hackers increasingly target telecom networks—the backbone of modern communication. Beyond compromising personal data, these attacks threaten critical systems used by law enforcement and government agencies. U.S. authorities are ramping up cybersecurity efforts, from pushing for stricter telecom regulations to investigating hardware vulnerabilities, as part of a broader strategy to counter China's influence in digital infrastructure.

 

FAQs

Who is Salt Typhoon, and why are they a major threat?

Salt Typhoon is a Chinese state-backed hacking group, classified as an advanced persistent threat (APT). They specialize in long-term infiltration of telecom systems to access sensitive data like text messages, calls, and law enforcement communications, posing both privacy and national security risks.

 

How do hackers gain access to telecom networks?

Hackers typically exploit vulnerabilities in routers, firewalls, and outdated systems within telecom networks. They may also use phishing campaigns to steal employee credentials, giving them a foothold to infiltrate deeper into critical infrastructure.

 

Why are telecom companies frequent targets for state-sponsored hackers?

Telecom networks are high-value targets because they handle vast amounts of sensitive information, including personal communications, government data, and law enforcement operations. Gaining control of these networks allows hackers to monitor, intercept, and manipulate communications.