US telecommunications companies AT&T and Verizon have confirmed that their systems were targeted in a cyberespionage operation by the China-linked hacking group Salt Typhoon. In statements released on Saturday, the companies assured the public that their networks are now secure, following swift collaboration with law enforcement and federal agencies.

This marks the first acknowledgement of the cyberattacks by the telecom firms, which were part of a larger campaign against US communications infrastructure. Both companies have implemented additional security measures to address the breaches and protect customer data.

US officials recently identified a ninth unnamed telecommunications provider as a victim of the Salt Typhoon operation. According to federal agencies, the hackers gained extensive access to compromised networks, allowing them to geolocate millions of individuals, intercept communications, and even record phone calls. The breach has drawn significant attention due to the potential for widespread espionage. Hackers are believed to have targeted telecom providers including AT&T, Verizon, and Lumen Technologies, stealing call records, telephone audio intercepts, and other sensitive information.

Chinese officials have dismissed the allegations as baseless, labelling them as disinformation. Beijing reiterated its opposition to cyberattacks and cyber theft, maintaining that it combats such activities in all forms.

Limited data compromised, companies take action

AT&T reported that only a small number of cases involved compromised information. The company stated it has been closely monitoring its systems and continues to work with authorities to evaluate and address potential vulnerabilities. “We detect no activity by nation-state actors in our networks at this time. Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest,” an AT&T spokesperson was reported to have stated.

Verizon echoed similar assurances, highlighting that independent cybersecurity experts confirmed the threat had been contained. The company has reinforced its defences to prevent further incidents. In a statement, Verizon’s chief legal officer said: “We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.”

In response to the breaches, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on 18 December, urging senior government and political leaders to strengthen their communication security. The agency warned that traditional methods such as phone calls and text messages may no longer be reliable against sophisticated cyber threats.

CISA’s guidance emphasised the adoption of end-to-end encrypted messaging platforms, such as Signal, which ensure that only the intended recipient can access the content. The agency also recommended implementing phishing-resistant multifactor authentication (MFA) to bolster defences, advising officials to avoid SMS-based authentication, which remains susceptible to interception.

In November 2024, T-Mobile announced it had successfully intercepted a highly coordinated cyberattack linked to Salt Typhoon. Unlike other telecom providers, T-Mobile reported that its advanced security systems prevented the hackers from accessing sensitive customer data, such as calls, voicemails, and text messages.

The attack originated from a compromised wireline provider connected to T-Mobile’s systems. Upon detecting the intrusion, T-Mobile severed the connection to the affected network and implemented enhanced control measures. The company revealed that the hackers attempted to exploit routers to move laterally within its infrastructure but were blocked by its multi-layered defences.
