While most Americans were going about their daily lives, Chinese hackers were quietly burrowing into the nation’s telecommunications backbone. The Salt Typhoon attacks, linked to China’s Ministry of State Security, infiltrated at least nine major U.S. telecom companies including giants like Verizon and AT&T. Let that sink in. These weren’t amateur hackers – this was a sophisticated operation with state backing.
Active since 2019, these attackers – also tracked under names like Earth Estries and GhostEmperor – weren't after your credit card info. They wanted something bigger: call and text metadata (who contacted whom, when, and from where), geolocation data from hundreds of devices in Washington D.C., and potential control of the lawful-intercept systems carriers run to fulfil court-ordered wiretaps. Yeah, you read that right. The wiretapping systems themselves.
These state-backed hackers weren’t after petty theft—they wanted the master keys to America’s digital conversations.
Their methods were built to stay hidden. They got in through vulnerabilities in public-facing servers and VPN appliances, then leaned on "living off the land": using the admin tools, accounts and remote-management features already present in the network, so that their activity looked like routine maintenance to anyone reading the logs. Where built-in tooling wasn't enough, they brought custom malware, including the GhostSpider backdoor and the Demodex kernel-mode rootkit, which hides the intrusion from the host's own operating system. Some networks were compromised for two years before anyone noticed. Two. Years.
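What does "hard to spot" actually mean for a defender? The block below is an added example, not code from this article or from any of the investigations it describes. It runs two simple hunts over constructed, Sysmon-style process-creation events (hostnames, paths and command lines are all made up): an internet-facing service spawning a shell or admin tool, which is the usual footprint of a freshly exploited public-facing application, and a built-in Windows tool invoked with arguments that administrators rarely use but intruders reach for. The rule names and the `SUSPICIOUS_ARGS` patterns are illustrative choices of mine, not a published detection set.

```python
"""Added example: two simple detections for living-off-the-land activity.

Input is JSON lines with Sysmon-style field names (host, parent_image, image,
command_line). The events embedded below are constructed for illustration.
"""
import json
import re

# Internet-facing services that have no business spawning a shell or an admin
# tool. A web server starting cmd.exe usually means the app was just exploited.
EXPOSED_PARENTS = {"w3wp.exe", "httpd", "nginx", "tomcat"}
SHELLS_AND_TOOLS = {"cmd.exe", "powershell.exe", "sh", "bash", "wmic.exe",
                    "net.exe", "certutil.exe", "ntdsutil.exe"}

# Built-in tools paired with argument patterns admins rarely use but intruders
# do: encoded PowerShell, a full export of the domain credential database,
# remote execution via WMI, file download via certutil, local account creation.
SUSPICIOUS_ARGS = {
    "powershell.exe": re.compile(r"-(enc|encodedcommand)\b", re.I),
    "ntdsutil.exe":   re.compile(r"\bntds\b.*\bcreate full\b", re.I),
    "wmic.exe":       re.compile(r"/node:", re.I),
    "certutil.exe":   re.compile(r"-urlcache", re.I),
    "net.exe":        re.compile(r"\buser\b.*\s/add\b", re.I),
}


def basename(path):
    """Last path component, lower-cased, for both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event):
    """Return the names of the rules that fire for one process-creation event."""
    hits = []
    parent = basename(event.get("parent_image", ""))
    image = basename(event.get("image", ""))
    if parent in EXPOSED_PARENTS and image in SHELLS_AND_TOOLS:
        hits.append("exposed_service_spawned_shell")
    pattern = SUSPICIOUS_ARGS.get(image)
    if pattern and pattern.search(event.get("command_line", "")):
        hits.append("lolbin_suspicious_args")
    return hits


def scan(lines):
    """Parse JSON lines; return (host, image, rules) for every event that fires."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the hunt
        rules = classify(event)
        if rules:
            findings.append((event.get("host"), basename(event.get("image", "")), rules))
    return findings


# Constructed sample events: hostnames, paths and commands are invented.
SAMPLE_EVENTS = [
    json.dumps({"host": "web01", "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
                "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c whoami"}),
    json.dumps({"host": "ws17", "parent_image": r"C:\Windows\explorer.exe",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgA"}),
    json.dumps({"host": "dc01", "parent_image": r"C:\Windows\System32\cmd.exe",
                "image": r"C:\Windows\System32\ntdsutil.exe",
                "command_line": 'ntdsutil.exe "ac i ntds" "ifm" "create full C:\\temp\\x" q q'}),
    json.dumps({"host": "ws17", "parent_image": r"C:\Windows\System32\cmd.exe",
                "image": r"C:\Windows\System32\net.exe", "command_line": "net user"}),  # benign
    json.dumps({"host": "dc01", "parent_image": r"C:\Windows\System32\services.exe",
                "image": r"C:\Windows\System32\svchost.exe", "command_line": "svchost.exe -k netsvcs"}),
    json.dumps({"host": "edge02", "parent_image": "/usr/sbin/httpd",
                "image": "/bin/sh", "command_line": "sh -c id"}),
    "not json at all",  # malformed line, skipped by scan()
]

if __name__ == "__main__":
    for host, image, rules in scan(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(rules)}")
```

Note what the rules do not catch: an intruder who runs `net user` or queries the network with stock tools under a legitimately stolen admin account looks exactly like the admin. That is the point of living off the land, and it is why the hunts that work against it key on relationships (which parent spawned what, from which account, at what hour) rather than on the presence of any single binary.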
The fallout has been massive. Critical infrastructure in the energy, water, and transportation sectors was compromised. Government agencies and political figures were targeted. Senator Mark Warner called it the worst telecom hack in U.S. history, and said it makes earlier Russian-linked incidents such as SolarWinds look small by comparison. And the costs? Astronomical. Carriers are now spending millions on incident response and remediation. Thanks for that, China.
CISA and the FBI have launched joint investigations and deployed threat-hunting teams across multiple sectors. Private-sector partners have joined in through CISA's Joint Cyber Defense Collaborative. Better late than never, right?
The implications are serious. We're looking at heightened risk of destructive attacks on critical infrastructure, strained U.S.-China relations, and the potential for escalating cyber conflict between nations. Legacy telecom systems need modernization, and AI-driven threat detection suddenly seems worth the investment. A serious risk assessment, one that asked which internet-facing servers, VPN appliances and lawful-intercept platforms an adversary would go after first, would likely have flagged these weaknesses before they were exploited at this scale.
The scary part? This might just be the beginning. Salt Typhoon has shown how vulnerable our most critical systems really are. And next time, they might not just be looking.