China Salt Typhoon Cyber Attack and Espionage Campaign Resurfaces Amidst Alarming New Revelations


China has once again found itself at the center of global cybersecurity concerns, making headlines across Google News and other major platforms. This time, it’s in connection with the controversial Salt Typhoon cyber-espionage campaign—an operation believed to be orchestrated by three private tech firms based in Beijing. While the story has been circulating in media circles for the past 18 months, new revelations have reignited debate and concern.

According to recently declassified findings, the Salt Typhoon operation allegedly infiltrated nearly all major telecommunications and Internet service providers in the United States. Intelligence officials now suggest that the Chinese government, under the leadership of President Xi Jinping, may have collected an unprecedented volume of sensitive data on American citizens. This was reportedly achieved through a widespread phishing campaign targeting employees across numerous federal agencies as well as private and public sector infrastructures.

One of the most concerning aspects of the report is the scope of the surveillance. The operation is said to have captured voice and text communications, including sensitive exchanges involving high-ranking officials. This includes private communications between Vice President Kamala Harris and her staff around the time of the November 2024 elections, as well as discussions linked to former President Donald Trump’s political strategy and future ambitions.

A comprehensive 37-page technical dossier—jointly issued by the FBI, NSA, and the Cybersecurity and Infrastructure Defense Service (CIDS), and endorsed by law enforcement and intelligence agencies in Canada, Germany, Japan, Australia, and the UK—outlines the extent of the breach. The document traces the cyberespionage campaign back to 2021, and claims that by the time U.S. telecom giants like AT&T and Verizon became aware of the intrusion in mid-2024, Salt Typhoon operatives had already accessed highly sensitive personal and governmental data of virtually every American citizen.

In response, these telecom providers swiftly moved to purge their systems of all malicious code and tracking software linked to the Chinese servers. The breach was effectively sealed off, but not before a trove of data had reportedly been exfiltrated.

The report further alleges that this espionage operation was not limited to the United States. Surveillance efforts reportedly spanned over 80 countries, enabling the hacking groups to intercept internet and phone communications on a global scale. In many cases, the attackers were able to precisely determine the physical locations of their targets using GPS and network data.

The cyber tools used in this campaign were reportedly developed by three Chinese tech firms: Hanyu Tianqiong Information Technology, Sichuan Zhixin Ruijie Network Technology, and Sichuan Juxinhe Network Technology. According to U.S. federal sources, these companies were directly involved in designing and deploying the malware that funneled stolen data to servers controlled by China’s Ministry of State Security.

In response to the findings, the U.S. Treasury Department has announced sanctions against the companies and associated individuals, labeling the entire operation as a “global hacking enterprise masquerading as legitimate business.”

Beijing, however, has strongly denied all allegations. In an official statement, Chinese authorities dismissed the claims as politically motivated attempts to tarnish China’s international reputation. They further accused the U.S. government of conducting its own covert surveillance campaigns against Chinese infrastructure, alleging that malware attacks had been launched against personnel within key Chinese government agencies.

As global tensions over cybersecurity and digital sovereignty continue to escalate, this latest chapter in cyber warfare underscores the growing complexity of international digital espionage—and the geopolitical rifts it continues to widen.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
