A recent cyberespionage operation believed to be orchestrated by China has sent shockwaves throughout the United States, raising concerns about national security and revealing potential vulnerabilities in the country’s infrastructure. The operation, dubbed ‘Salt Typhoon’ by Microsoft, targeted major telecommunications providers such as Verizon, AT&T, and Lumen Technologies, as well as providers in allied countries, resulting in a breach that lasted for at least eight months.
According to reports, the hackers behind the operation were able to eavesdrop on mobile phone audio and written communications used by senior national security and policy officials across the U.S. government, as well as politicians. This breach has highlighted a significant counterintelligence failure and has prompted investigations by multiple agencies, including the FBI and CISA, to address the threat posed by actors affiliated with the People’s Republic of China.
In response to the cyber attack, the U.S. government has taken steps to mitigate the threat, with agencies collaborating to investigate the unauthorized access to commercial telecommunications infrastructure by Chinese hackers. The White House established a Cyber Unified Coordination Group to coordinate the national response to the attacks, in line with Presidential Policy Directive 41, signed by President Barack Obama in 2016.
This is not the first time that the U.S. has faced significant cyber threats from foreign entities. Previous incidents, such as China’s compromise of Microsoft Exchange services in 2021 and Russia’s compromise of SolarWinds, have led to the establishment of similar coordination groups to address cybersecurity issues. The creation of the Cyber Safety Review Board in 2021 further underscores the government’s commitment to investigating and addressing major cybersecurity incidents.
Microsoft has identified Salt Typhoon as one of several state-sponsored hacking groups believed to be operating out of China. These groups, including Volt Typhoon and Flax Typhoon, have been linked to attacks targeting critical infrastructure and private companies, posing a significant threat to U.S. and allied interests. The U.S. intelligence community has identified China as the most active and persistent cyber threat, one that aims to influence U.S. decision-making and advance geopolitical objectives through cyber capabilities.
As the investigation into the Salt Typhoon operation continues, it is clear that cybersecurity remains a top priority for the U.S. government. The response to this breach will likely involve a coordinated effort among multiple agencies and cybersecurity experts to address the immediate threats and prevent future attacks. The implications of this cyberespionage operation are far-reaching, underscoring the need for continued vigilance and investment in cybersecurity measures to protect against evolving threats in the digital landscape.