A coalition of over a dozen allied nations, including the United States, United Kingdom, Canada, Australia, and New Zealand, has issued a joint advisory accusing three Chinese technology companies of enabling a widespread cyber-espionage campaign known as “Salt Typhoon.” The agencies claim these firms provided cyber-related products and services to China’s intelligence services, allowing for the intrusion into critical infrastructure networks across more than 80 countries.
The advisory specifically names Huanyu Tianqiong Information Technology, Sichuan Zhixin Ruijie Network Technology, and Sichuan Juxinhe Network Technology as entities linked to the malicious activity. According to the document, the data obtained from these intrusions, particularly against telecommunications, lodging, and transportation sectors, has given Chinese intelligence agencies the ability to track the communications and movements of targets around the world. The campaign, which has been underway since at least 2021, has compromised sensitive data, including phone records and, in some cases, the communications of high-profile political figures.
Salt Typhoon is identified as an advanced persistent threat (APT) group believed to be operated by China’s Ministry of State Security (MSS). The hackers have reportedly exploited publicly known vulnerabilities in network devices from companies like Cisco and Ivanti, using these entry points to establish a persistent, long-term presence on compromised networks. The FBI’s top cyber official, Brett Leatherman, described the operation as “one of the more consequential cyber espionage breaches we have seen.”
In response to the allegations, the Chinese Embassy has consistently denied all involvement, labeling the accusations as “unfounded and irresponsible smears and slanders.” Beijing maintains that it is a victim of cyberattacks itself and has accused the United States of “hyping” warnings and conducting its own surveillance operations. Previous attempts to contact the accused companies have been unsuccessful.
The joint advisory serves as a strong signal of a united international front against a campaign that officials say goes well beyond traditional intelligence gathering. It urges organizations in targeted critical sectors to immediately apply patches and other mitigations to protect their systems from the ongoing threat.
