The United States, alongside its key allies, has officially declared the ongoing ‘Salt Typhoon’ cyber campaign a national defense crisis, following revelations that the Chinese state-sponsored hacking group has been operating undetected within global telecommunications and critical infrastructure networks for years. The declaration marks a significant escalation in the international response to what officials are calling one of the most sophisticated and far-reaching cyber espionage operations ever uncovered.
Salt Typhoon, an advanced persistent threat (APT) actor believed to be an offshoot of China’s Ministry of State Security (MSS), has been implicated in a series of high-profile breaches. Its primary objective has been long-term, stealthy data exfiltration and intelligence gathering, rather than network disruption. A declassified Department of Homeland Security (DHS) memo revealed that the group extensively compromised a U.S. state’s Army National Guard network for nearly a year. The stolen data included administrator credentials, network diagrams, and personal information of service members, raising serious concerns about the security of U.S. military systems.
The crisis declaration is also a response to the group’s widespread infiltration of major U.S. telecommunications companies, including Verizon, AT&T, and Lumen. U.S. officials stated that Salt Typhoon gained access to the metadata of millions of users and, in some cases, the content of phone calls made by high-profile government and political figures. The hackers also reportedly accessed systems used by law enforcement for court-authorized wiretapping, a move that could reveal sensitive counterintelligence operations.
In a joint advisory, the FBI, CISA, and allied cyber authorities from Canada, the UK, Australia, and New Zealand have provided a robust “hunt guide” for network defenders. The guide details the group’s tactics, techniques, and procedures (TTPs), which include exploiting unpatched vulnerabilities in routers and leveraging legitimate tools to maintain persistence within compromised networks. While these revelations underscore a significant vulnerability in global infrastructure, the public and coordinated response from allied nations aims to force Salt Typhoon to adapt and “burn” its current methods, thereby undermining its long-term espionage campaign. This incident serves as a stark reminder that cyber defense is no longer an isolated task for individual companies but a critical component of collective national security.