The FBI, alongside U.S. and allied intelligence agencies, has declared the Salt Typhoon cyber campaign a national defense crisis after uncovering widespread infiltration of global telecommunications networks by Chinese state-backed hackers.
Why it matters: The Salt Typhoon operation represents one of the most sweeping espionage campaigns ever exposed, compromising sensitive data belonging to millions of Americans and undermining the integrity of global networks across at least 80 countries.
The details:
- Salt Typhoon operators gained access by exploiting known vulnerabilities in networking equipment, including Ivanti Connect Secure, Palo Alto PAN-OS, and Cisco IOS XE.
- The attackers altered access control lists, created privileged accounts, and enabled remote management on unusual high ports to maintain persistence while hiding in plain sight for months or even years.
- They mirrored traffic and harvested administrator credentials to pivot across provider-to-provider links into downstream networks, exfiltrating data through tunnels designed to blend with legitimate traffic.
- Salt Typhoon targeted telecom carriers, government systems, transportation hubs, lodging networks, and even military infrastructure to enable continuous surveillance of people, communications, and movements globally.
The FBI has already notified hundreds of U.S. victims, making Salt Typhoon one of the most consequential espionage operations ever revealed.
The response: The FBI, NSA, CISA, and intelligence agencies from across North America, Europe, Australia, and Asia released a comprehensive advisory with detailed technical guidance to help network defenders identify and eradicate the threat.
- Organizations are instructed to monitor for telltale patterns, look for unexplained tunnels and redirections, and conduct coordinated evictions.
- The advisory provides indicators of compromise, YARA rules for Salt Typhoon’s custom tools, and Snort rules tied to malicious privilege escalation attempts.
- Defenders are urged to isolate management planes, enforce strong authentication protocols, mandate public-key login for administrators, and act comprehensively.
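One way to hunt for the persistence changes listed above (new privileged accounts, remote management moved to high ports, altered access control lists, tunnels and traffic mirroring) is to compare a device's running configuration against an approved baseline. The sketch below is an added example, not taken from the advisory: the IOS-style configuration, the baseline, the finding names and the 1024 port threshold are all constructed assumptions.

```python
import re

# Constructed IOS-style running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
username netops privilege 15 secret 9 $9$constructed
username svc_backup privilege 15 secret 9 $9$constructed
ip ssh port 57722 rotary 1
ip http secure-port 18443
ip access-list standard MGMT-IN
 permit 10.20.0.0 0.0.0.255
 permit 203.0.113.45
interface Tunnel7
 tunnel destination 198.51.100.9
monitor session 3 source interface GigabitEthernet0/0/2
monitor session 3 destination interface GigabitEthernet0/0/5
"""

# Assumed operator-approved baseline; anything outside it is reported.
BASELINE = {"admins": {"netops"}, "mgmt_acls": {"MGMT-IN": {"10.20.0.0"}},
            "tunnels": set(), "span_sessions": set()}

def audit(config, baseline):
    """Return (category, detail) findings for config lines outside the baseline."""
    findings, acl = [], None
    def flag(category, detail):
        if (category, detail) not in findings:
            findings.append((category, detail))
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: enter or leave a named ACL
            m = re.match(r"ip access-list \S+ (\S+)", line)
            acl = m.group(1) if m else None
        if m := re.match(r"username (\S+) privilege 15\b", line):
            if m.group(1) not in baseline["admins"]:
                flag("unapproved-admin", m.group(1))
        elif m := re.match(r"ip (ssh port|http port|http secure-port) (\d+)", line):
            if int(m.group(2)) >= 1024:  # management listener moved to a high port
                flag("mgmt-on-high-port", f"{m.group(1)} {m.group(2)}")
        elif m := re.match(r"permit (?:host )?(\d+(?:\.\d+){3})", line):
            if acl in baseline["mgmt_acls"] and m.group(1) not in baseline["mgmt_acls"][acl]:
                flag("mgmt-acl-source-added", f"{acl} {m.group(1)}")
        elif m := re.match(r"interface (Tunnel\d+)", line):
            if m.group(1) not in baseline["tunnels"]:
                flag("unexpected-tunnel", m.group(1))
        elif m := re.match(r"monitor session (\d+) ", line):
            if m.group(1) not in baseline["span_sessions"]:
                flag("traffic-mirror", f"session {m.group(1)}")
    return findings
```

Each finding is a lead for review against change records, not proof of compromise; legitimate tunnels and SPAN sessions belong in the baseline.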
“This is not just a cyber intrusion. This is the weaponization of our communications infrastructure,” said one senior intelligence official involved in the investigation.
The stakes: Telecommunications networks are vital to modern economies and national defense. The Salt Typhoon campaign, linked to Chinese intelligence services, represents an attack on global trust in communications systems.
What’s next: Executives, CISOs, and network operators must patch exploited vulnerabilities, isolate management planes, eliminate weak credentials, hunt for anomalies, and plan comprehensive evictions. The response to this crisis will likely shape cybersecurity policies and practices for years to come.
Recent from X
Salt Typhoon cyber actors infiltrated the networks of multiple telecommunications companies, recklessly stole personal data belonging to millions of Americans, and in some instances surveilled communications—all in support of the Chinese Communist Party.
The expectation of… pic.twitter.com/nC8qSTbQA5
— FBI (@FBI) August 28, 2025
A Beijing-linked espionage campaign that hit U.S. telecom companies and swept up Donald Trump’s phone calls actually targeted more than 80 countries, reaching across the globe https://t.co/dlIEQa9mzO via @WSJ
— Dr. Dan Lomas (@Sandbagger_01) August 30, 2025
The private sector in the West has been lax on security and has become too comfortable. China’s Salt Typhoon is a sweeping telecoms surveillance breach. https://t.co/fYXkitxNi3
— Aidan Gomez (@aidangomez) August 30, 2025
Reports that Chinese hackers infiltrated critical national infrastructure are not a surprise but a reminder that some states are actively trying to undermine our freedom and steal jobs and prosperity from us.
China must be on the enhanced tier of FIRS. https://t.co/4S06IaIIiI
— Tom Tugendhat (@TomTugendhat) August 30, 2025
