The FBI is asking for public tips to help track down Salt Typhoon, the Chinese hacking group behind major breaches of telecom networks worldwide.
The FBI has issued a public service announcement asking for tips to help identify members of the Chinese state-sponsored hacking group Salt Typhoon, which is linked to widespread breaches of telecommunications providers across the U.S. and globally. Confirmed targets include major telecom companies like AT&T, Verizon, Charter Communications, and more. Investigations revealed that while infiltrating telecom networks, the hackers also accessed the U.S. law enforcement wiretapping platform and the private communications of some government officials.
The FBI reported that Salt Typhoon’s campaign involved stealing call data logs, accessing private communications, and copying information obtained through court-ordered wiretaps. The agency said it remains committed to protecting the U.S. telecommunications sector and disrupting Salt Typhoon’s malicious operations. Meanwhile, the U.S. Department of State is offering a reward of up to $10 million through its Rewards for Justice program for information leading to the identification of foreign government-linked hackers targeting U.S. infrastructure.
The FBI said its investigation uncovered a broad and significant cyber campaign by Salt Typhoon to exploit network access and target victims worldwide. The agency urged anyone with information about the group’s members or operations to come forward.
U.S. authorities also warned that Salt Typhoon remains highly active. Between December 2024 and January 2025, the group exploited vulnerabilities in unpatched Cisco IOS XE devices to breach more telecommunications companies, including firms in Italy, South Africa, Thailand, and the U.S. Cisco reported that the hackers are using a custom surveillance tool, known as "JumbledPath," to monitor network traffic and capture sensitive information.
Salt Typhoon’s breaches reveal how fragile the backbone of global communication has become. Telecom networks, once seen as neutral infrastructure, are now active battlegrounds where foreign governments quietly gather intelligence, compromise investigations, and undermine national security from within. Protecting these systems isn’t just about cyber defense anymore, it’s about preserving sovereignty in a world where information is the new territory.
Salt Typhoon is a Chinese state-sponsored hacking group known for targeting telecommunications networks and government systems worldwide.
Telecom companies handle massive volumes of private communications and sensitive data, making them prime targets for espionage, surveillance, and cyberwarfare.
JumbledPath is a custom surveillance tool used by Salt Typhoon to secretly monitor network traffic, capture sensitive information, and maintain long-term access to compromised systems.
Keeping network devices updated, patching vulnerabilities promptly, and monitoring for unusual network activity are steps to defend against advanced cyber threats.
By infiltrating telecom networks and accessing government communications, groups like Salt Typhoon pose serious risks to law enforcement operations, intelligence efforts, and the broader security of infrastructure.