For more than a year, investigators in Washington, London and other allied capitals have pieced together the scale of a cyber operation so vast that it is being described as one of the most far-reaching espionage campaigns in history. The attack, carried out by a state-backed group known as Salt Typhoon, infiltrated telecommunications providers, transportation systems, government networks and even lodging companies across more than 80 countries.
Officials now believe that information on nearly every American may have been swept up in the breach. In a rare joint statement, authorities from the United States, Britain, Canada, Germany, Japan, Spain and several other nations condemned the effort as “unrestrained” and “indiscriminate,” warning that Beijing’s cyber capabilities rival those of Washington and its closest allies.
Final Call: Be DPDP Act Ready with FCRF’s Certified Data Protection Officer Program
The Scope of Salt Typhoon
Salt Typhoon did not confine its efforts to narrow, high-value targets as earlier Chinese campaigns had. Instead, investigators said, the group penetrated at least half a dozen U.S. telecommunications firms, exploiting long-standing vulnerabilities to access phone records, text messages and network data. Among the compromised devices were those belonging to political leaders, including candidates in the 2024 presidential race.
The breadth of the operation means ordinary citizens were almost certainly caught in the dragnet. Whether their personal information was intentionally sought or incidentally collected remains unclear. But the sheer volume of data gives Chinese intelligence the potential to map communications, movements and affiliations on a global scale.
Strategic Implications?
The coordinated statement from Western allies represented the most comprehensive acknowledgment yet of China’s cyberespionage ambitions. Analysts noted that Salt Typhoon reflects a maturation of Beijing’s digital strategy, moving from thefts of corporate trade secrets toward long-term embedding in critical infrastructure worldwide.
Jennifer Ewbank, a former CIA deputy director for digital innovation, stated that this is a shift from opportunistic intrusions to patient, strategic campaigns. She described the operation as a watershed moment in global cyber competition, one that positions China to monitor not only adversaries’ governments but also the private lives of millions.
China’s Embassy in London declined to respond to inquiries. For Washington and its partners, the disclosures underscore an uncomfortable reality: despite extensive intelligence-gathering of their own, the West has few visible tools to deter such activity.