Chinese Hackers Breach Telecoms in Targeted Espionage Campaign

The FBI has confirmed that Chinese state-sponsored hackers infiltrated multiple telecommunications companies in an espionage campaign aimed at stealing data on politicians and other individuals involved in government and public affairs. This confirmation follows reporting that a hacking group linked to China, known as Salt Typhoon, may have targeted the phones of prominent US figures.

In a joint statement, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) characterized the activity as “a broad and significant cyber espionage campaign.”

According to the agencies, “PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to US law enforcement requests pursuant to court orders.”

The statement underscores a disturbing implication: attackers sought access to the same telecommunications infrastructure US internet service providers use to comply with court-authorized wiretap and data request processes. If true, that access could have allowed foreign actors to intercept communications or obtain call records that are normally disclosed only under legal process.

Earlier reporting from major outlets indicated the intrusion affected phone lines and call data for several high-ranking national security and policy officials. While the attackers reportedly had the technical ability to access phone data of a broad set of customers at compromised carriers, the public reporting so far indicates that a smaller, targeted group of political and national security figures was the primary focus.

Security industry professionals view the intrusion as a clear signal that telecommunications networks are attractive targets for state-sponsored actors. Donny Chong, Director at Nexusguard, called the incident a turning point for how telecom providers are perceived in the national security landscape. He noted that communications providers, once seen primarily as connectivity vendors, now occupy the front lines of cyber warfare and espionage because they can provide access to sensitive communications and metadata.

Chong argues that protecting these networks requires a coordinated response beyond the private sector. He recommends stronger regulation and clear cybersecurity standards for telecoms, government support and funding to strengthen provider defenses, and incentives such as tax credits for security investments and workforce development. According to Chong, combining regulatory requirements with financial and technical assistance will help build a more resilient telecom infrastructure.

The incident highlights persistent risks associated with central points of access to communications data. When carriers’ networks are compromised, attackers may gain visibility into call records and private communications that can be exploited for intelligence or influence operations. That risk has prompted calls for tighter oversight, improved incident reporting, and stronger collaboration between government agencies and private-sector providers.

Government agencies and industry groups are expected to examine technical details of the breaches, assess the scope of exposed data, and recommend measures to prevent similar intrusions. Potential responses could include enhanced monitoring and logging requirements, mandatory breach notification timelines, and minimum security baselines for systems that handle law enforcement requests and customer call records.

For telecom operators, practical steps to reduce risk include rigorous network segmentation, stricter access controls for systems handling legal intercept and call record data, comprehensive auditing and anomaly detection solutions, and investment in trained cybersecurity staff. Coordination with CISA and federal law enforcement can also help providers detect and respond to sophisticated nation-state activity more quickly.

While investigations continue and agencies work to contain and remediate any remaining access, the incident serves as a reminder that modern espionage increasingly focuses on critical infrastructure and the intermediaries that carry sensitive communications. Strengthening defenses across telecommunications networks remains a priority to protect officials, private citizens, and the integrity of legal surveillance processes.
