Are we in a cyber cold war? China proves we might be.
Salt Typhoon ranks among the most concerning breaches to date, with an unusually high level of panic among officials.
U.S. officials and security investigators are sounding the alarm about a major security breach potentially orchestrated by a Chinese hacking group known as Salt Typhoon.
We first covered this story in our fortnightly risk report for the week of 13 October.
This group has successfully infiltrated the networks of major U.S. companies, specifically broadband providers, to steal sensitive information. The most alarming aspect of these attacks, according to Dustin Volz, a Wall Street Journal reporter covering cybersecurity issues, is the hackers' stealth and sophistication.
They have managed to remain undetected within these networks for months, potentially even longer, raising serious concerns about the sensitive nature of the compromised data.
According to Volz, there are "tens of thousands, if not more, hackers who are working day and night to infiltrate these networks."
Salt Typhoon isn't the only group of its kind. The U.S. has disrupted at least two other China-linked hacking campaigns, Flax Typhoon and Volt Typhoon ("Typhoon" being the common U.S. naming convention for these groups). According to U.S. intelligence agencies, these are just two of potentially hundreds.
What remains most concerning is that the Typhoon groups are now focusing on private businesses. These are vulnerable organisations that either have direct links to government agencies or hold large volumes of data (telcos, for example).
The magnitude of the situation
Volz emphasizes the gravity of the situation, describing it as "potentially catastrophic". In his decade of reporting on cybersecurity issues, he ranks this hack among the most concerning, noting that the level of panic among officials is highly unusual.
Verizon, AT&T, and Lumen, three major broadband providers in the United States, have been identified as victims of the Salt Typhoon campaign. These companies have declined to comment on the matter.
It's evidence that large companies, both private and public, are attractive targets for hackers seeking access to a wide range of critical information.
Targeting U.S. wiretap systems
Adding to the complexity of the situation is the fact that Salt Typhoon targeted systems used by the U.S. government for domestic surveillance, specifically the network used to comply with court-authorized wiretapping requests.
These systems are required under the Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications companies to provide access to communications data for criminal and national security investigations upon receiving a court order.
By gaining access to this network, the Chinese hackers could essentially spy on U.S. investigations, potentially gaining insight into counterintelligence operations targeting Chinese spies operating within the United States and allied countries.
A shift in tactics
Volz highlights a significant shift in Chinese hacking tactics. Previously, they were known for their noisy and easily detectable attacks, often stealing vast amounts of data but leaving clear traces.
However, recent attacks, including Salt Typhoon, have adopted a more sophisticated approach reminiscent of Russian hacking operations, focusing on stealth and long-term access. This new level of sophistication poses a significant challenge, as it becomes increasingly difficult to detect their presence and determine the extent of the damage.
Laying the groundwork for future conflict
China’s cyber operations against the U.S. have grown beyond traditional espionage, venturing into the unsettling territory of targeting critical infrastructure like transportation systems, power grids, and water sanitation facilities.
While groups like APT40 (a Chinese state-sponsored hacking group linked to the Ministry of State Security, known for sustained cyber espionage against intellectual property) have long focused on data theft, such as hacking into telecom networks to collect sensitive information including call logs and geolocation data, recent activities point to a more strategic intent.
This campaign, which includes operations like Volt Typhoon, appears focused on establishing a quiet, sustained presence within essential U.S. networks.
The goal: to pre-position digital assets for potential future attacks, embedding “digital spies” that could disrupt crucial services during a major conflict. By securing these footholds, China’s cyber operatives might be preparing to compromise U.S. response capabilities in a high-stakes scenario, such as a confrontation over Taiwan.
U.S. officials, including FBI Director Christopher Wray, have raised alarms about the potential consequences of these intrusions, urging the public to understand the threat they pose to national security and daily life.
The sophistication of China’s tactics has also evolved. These aren’t the noisy, detectable hacks of the past; today’s operations are stealthy, sophisticated, and exceedingly difficult to counter. The shift towards covert methods means that Chinese cyber actors can operate undetected, increasing the potential damage they can inflict if their “digital sleeper cells” are activated.
A shared responsibility
While the sophistication and scale of Chinese cyber attacks pose a daunting challenge, there is a growing consensus that the U.S. needs to bolster its cybersecurity defenses.
With the largest cyber force in the world, China’s offensive operations have reached a scale and scope that few can match. This formidable cyber army, backed by a government commitment to expanding digital warfare capabilities, underscores the urgent need for the U.S. to bolster defenses and take a proactive stance against this persistent and escalating threat.
A significant issue lies in the heavy reliance on the private sector for cybersecurity, with Congress having imposed few stringent security requirements on companies. This lack of robust security standards creates an environment favourable to hackers, making the U.S. a "target-rich" environment. Experts argue that companies need to prioritize resilience, detection capabilities, and response systems to mitigate the inevitable reality of cyber intrusions.
The Salt Typhoon campaign serves as a stark reminder of the evolving and increasingly sophisticated nature of cyber threats.
The attack's focus on sensitive data within U.S. companies underscores the growing trend of hackers seeking out easier targets beyond government networks. As China's cyber capabilities continue to expand, the need for stronger defenses and a collaborative approach between the government and the private sector becomes ever more critical.
With the result of the 2024 election now known, how this approach will evolve remains to be seen.