The China-linked hacking group Salt Typhoon has conducted one of the most extensive cyber campaigns in recent years, targeting some of the world’s largest phone and internet companies. Researchers say the operation aims to prepare China for a potential military action against Taiwan.
The campaign involved breaching routers and network equipment of leading U.S. telecom companies, giving the hackers access to call records, text messages, and even audio from senior officials’ phones. U.S. authorities have advised citizens to use end-to-end encrypted messaging apps for secure communication.
United States: Salt Typhoon affected several major U.S. telecom providers, including AT&T, Verizon, and CenturyLink (Lumen), while T-Mobile reported that its customers’ calls and messages remained secure. Satellite communications giant Viasat and internet providers Charter Communications (Spectrum), Windstream, and Consolidated Communications were also compromised. Additionally, the group accessed a U.S. state National Guard network, enabling data theft across other states and territories.
North and South America: Cisco devices linked to universities in Argentina and Mexico were targeted. The Canadian government confirmed top telecom firms had been hacked and warned that the attacks extended beyond just the telecom sector. Activity was also observed in Brazil.
Asia, Africa, and Oceania: Hacking was confirmed on routers at Mytel (Myanmar), South Africa, and universities across Bangladesh, Indonesia, Malaysia, and Thailand. Japan, Australia, and New Zealand have also warned of Salt Typhoon activity affecting telecom and critical infrastructure. In New Zealand, government, transport, lodging, and military networks were impacted. Furthermore, at least 20 organizations were affected in Afghanistan, Eswatini, India, Taiwan, and the Philippines, spanning telecom, consulting, chemical, and transport sectors, as well as government agencies and nonprofits.
Europe: Salt Typhoon activity was recorded in the United Kingdom, potentially exposing senior government staff call records and messages. Norway confirmed multiple breaches, while small internet providers in the Netherlands, Italy, and Poland were also affected.
Expert Warnings on Escalating Threat
Analysts say Salt Typhoon has now targeted over 200 companies worldwide, and the campaign continues to expand. It is regarded as one of the most active and dangerous state-sponsored hacking groups globally.
Renowned cybercrime expert and former IPS officer Professor Triveni Singh said, “State-sponsored hacking activities like Salt Typhoon are not limited to data theft. These organizations are targeting sensitive information and critical infrastructure, preparing for large-scale digital attacks in the future. Attention to the telecom and internet sectors must be a top priority for every country.”
Cybersecurity experts have warned that this campaign is not merely about data theft but could pave the way for significant digital attacks on a global scale.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
