Salt Typhoon’s latest victims include Charter, Consolidated, and Windstream, underscoring the widening scope of China’s cyberespionage campaign against critical US infrastructure.
Chinese hackers linked to the Salt Typhoon cyberespionage operation have breached even more US telecommunications firms than initially reported.
New victims — Charter Communications, Consolidated Communications, and Windstream — add to a growing list that already includes AT&T, Verizon, T-Mobile, and Lumen Technologies.
Earlier, the US authorities informed that nine telecom firms have been affected by the Chinese espionage campaign.
This widening infiltration reveals an unprecedented level of exposure for US critical infrastructure and highlights the urgent need for comprehensive cybersecurity reform, reported The Wall Street Journal.
Charter, Consolidated, and Windstream Communications did not respond to requests for comment.
Expanded scope of intrusions
Salt Typhoon, believed to be tied to Chinese state-sponsored actors, targeted telecommunications firms to access sensitive data, steal intellectual property, and potentially disrupt vital communications networks.
Hackers exploited unpatched vulnerabilities in widely used hardware, including Cisco routers and Fortinet devices, allowing them to embed themselves deeply within systems, the WSJ report added.
These actions follow earlier revelations that Salt Typhoon attackers had compromised AT&T, Verizon, and Lumen networks to spy on sensitive communications. Verizon had earlier confirmed that a limited number of high-profile targets in government and politics were specifically breached, raising national security alarms.
While firms like Lumen and T-Mobile claim to have eradicated active threats, experts warn of lingering vulnerabilities.
National security alarms
Beyond telecom firms, Salt Typhoon poses an even greater threat to US critical infrastructure. A classified briefing led by US National Security Adviser Jake Sullivan last fall warned executives that Chinese hackers have the capability to disable major ports, power grids, and other critical infrastructure at will, the report added.
CSO Smart Answers
Learn more
Explore related questions
- What is the impact of state-sponsored hacking on US critical infrastructure?
- How do Chinese hackers exploit vulnerabilities in telecom firms?
- What is the role of the FCC in regulating cybersecurity in the telecom industry?
- How do telecom firms respond to cyberespionage attacks?
- What is the significance of the Salt Typhoon operation in the context of US-China relations?
In November last year, Sullivan and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger convened a meeting with telecommunications executives to share intelligence and discuss the extensive cyber espionage campaign by the People’s Republic of China targeting the industry.
In response, FCC Chairwoman Jessica Rosenworcel proposed new regulations to address these vulnerabilities. Under the plan, telecommunications companies must submit annual certifications attesting to the implementation of cybersecurity risk management plans. These measures aim to create a robust framework to combat threats from increasingly sophisticated adversaries.
Earlier, the US Consumer Financial Protection Bureau (CFPB) issued a directive prohibiting employees and contractors from using mobile phones for work-related calls. The decision follows a significant breach in the US telecommunications infrastructure, reportedly linked to Chinese hackers.
In an internal memo, the CFPB’s Chief Information Officer urged staff to shift sensitive conversations to secure communication platforms such as Microsoft Teams and Cisco WebEx.
Just not that, the Salt Typhoon group had also allegedly hacked several major US ISPs for cyber espionage.
Broader implications for US infrastructure
The Salt Typhoon revelations follow a broader pattern of state-sponsored cyber operations targeting the US technology ecosystem. The telecom sector, serving as a backbone for industries including finance, energy, and transportation, remains particularly vulnerable to such attacks.
While Chinese officials have dismissed the accusations as disinformation, the recurring breaches underscore the pressing need for international collaboration and policy enforcement to deter future attacks. The Salt Typhoon campaign has uncovered alarming gaps in the cybersecurity of US telecommunications firms, with breaches now extending to over a dozen networks.
Federal agencies and private firms must act swiftly to mitigate risks as adversaries continue to evolve their attack strategies. Strengthening oversight, fostering industry-wide collaboration, and investing in advanced defense mechanisms are essential steps toward safeguarding national security and public trust.
