U.S. federal authorities have called on telecommunications companies to strengthen network defenses following a widespread hacking campaign by Chinese operatives that compromised the private communications of an unspecified number of Americans.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on Tuesday to help identify and block the hackers, aiming to prevent future cyberespionage. Officials, however, admitted they are still uncertain about the full extent of the breach or whether Chinese hackers retain access to U.S. networks.
Highlighting the global impact of the operation, the U.S. collaborated with security agencies from New Zealand, Australia, and Canada—members of the Five Eyes intelligence alliance, which also includes the UK.
The hacking campaign, referred to as Salt Typhoon, was uncovered earlier this year. Hackers targeted telecommunications networks to access metadata such as call and text logs, including timestamps and recipients. In fewer cases, they intercepted audio files and text content. Victims included government and political officials, and the FBI has reached out to this group. However, the responsibility of notifying affected customers from the larger pool rests with telecom companies.
Despite months of investigations, the true scale of the breach remains unknown. Some of the data targeted by the hackers involved U.S. law enforcement investigations and court orders, potentially linked to programs under the Foreign Intelligence Surveillance Act (FISA). However, officials believe the hackers aimed for broader access to Americans' information by embedding themselves deeply into the nation's telecom systems.
The FBI's recommendations for telecom companies include technical measures like encryption, network centralization, and continuous monitoring. If adopted, these steps could help disrupt ongoing operations like Salt Typhoon and strengthen defenses against similar future attacks, according to Jeff Greene, CISA's executive assistant director for cybersecurity.
TikTok defends handling of Romania election content in grilling by EU lawmakers
“We’re not under any illusion that these actors won’t try to return,” Greene said.
China has been linked to several high-profile cyberattacks in recent months. In September, the FBI disrupted a Chinese operation that infected over 200,000 consumer devices with malware, creating a botnet capable of launching large-scale cybercrimes. In October, hackers associated with China targeted phones belonging to political figures, including then-presidential candidate Donald Trump and his running mate, JD Vance, as well as individuals tied to Democratic candidate Kamala Harris.
China has denied the allegations, with a spokesperson for its embassy in Washington dismissing them as “disinformation.” The statement emphasized China’s opposition to all forms of cyberattacks and accused the U.S. of engaging in its own cyber operations against other nations.