New reports suggest that Salt Typhoon, a Chinese state-backed hacking group, has infiltrated several more US telecommunications companies. Speaking to the Wall Street Journal, sources familiar with the situation confirmed that Charter Communications, Consolidated Communications, and Windstream are among the new victims of the China-based organisation, following earlier breaches at major carriers such as AT&T, Verizon, and Lumen.
The cyber espionage campaigns allowed the hackers to access sensitive information, including text messages, voicemails, phone calls, and wiretap data from individuals under investigation by US law enforcement. The breach has raised concerns about the security of communications infrastructure and the protection of personal data across telecom networks.
Salt Typhoon’s operations are not limited to the US — the group has reportedly targeted telecoms and other organisations in multiple countries. In December, the US government confirmed that the group had breached nine telecom companies, though it remains unclear whether the latest victims are among their number. The hacking group’s activities are part of a wider pattern of cyberattacks attributed to Chinese-backed threat actors, which have targeted numerous nations, particularly in Europe and Asia.
US response to Salt Typhoon
In light of this growing threat, the US government has shored up its cybersecurity protections. The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that government officials use end-to-end encrypted messaging apps such as Signal to mitigate the risks of communication interception. Additionally, CISA has released guidance for telecom companies to help strengthen their systems against similar attacks.
Moreover, US Senator Ron Wyden of Oregon has introduced a bill aimed at securing US telecom infrastructure, and Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel has vowed to take “urgent” action to ensure that US carriers are adequately protected from cyberattacks. The government is reportedly planning to shut down China Telecom’s last active operations in the US as part of an ongoing effort to curb Chinese cyber threats, and US authorities are considering banning TP-Link routers if investigations reveal a link between the devices and recent cyberattacks.
As part of its efforts to combat state-sponsored cyber threats, the government also imposed sanctions on Integrity Technology Group, a Beijing-based cybersecurity company. Integrity Technology Group has been accused of facilitating cyberattacks by supporting Salt Typhoon.
In addition to targeting telecoms, Chinese-sponsored hackers have been linked to a significant breach at the US Department of the Treasury. The attack, which compromised the Treasury’s Office of Foreign Assets Control (OFAC), marks another major cybersecurity incident involving Chinese threat actors. The breach is part of a broader wave of state-sponsored cyberattacks that have targeted US government systems and other critical infrastructure.
CISA has been working closely with the Treasury Department to investigate and mitigate the impact of the breach. The agency has reassured the public that no other federal agencies have been affected at this stage. CISA has also stressed the importance of safeguarding federal systems and has committed to providing updates as the investigation progresses.
In a separate incident, the United Nations’ International Civil Aviation Organization (ICAO) has launched an investigation into the theft of tens of thousands of records from its database. The agency confirmed that the breach is linked to a hacker forum claim that 42,000 records had been stolen. This incident is reportedly connected to a known threat actor responsible for targeting international organisations.