A silent battle is unfolding in the cyber shadows between global telecommunications infrastructure and state-backed hackers. In the latest revelation, U.S. satellite communications giant Viasat has confirmed it was breached by Salt Typhoon, a sophisticated Chinese cyber-espionage group known for targeting telecoms worldwide. The breach raises fresh alarms about the vulnerability of satellite networks at the heart of military, government, and global infrastructure systems.
A Growing Pattern: China’s Salt Typhoon Targets Yet Another Telecom Titan
Viasat, a major provider of satellite broadband communications to global military, energy, and aviation customers, has confirmed a cybersecurity breach linked to China’s Salt Typhoon threat group. The hacking collective, previously connected to attacks on major U.S. telecoms such as AT&T, Verizon, and Charter, reportedly infiltrated the network through a compromised device earlier this year.
Although Viasat claims no customer data was accessed or affected, it acknowledged engaging third-party cybersecurity experts and federal authorities to investigate the unauthorized access. The breach was first reported by Bloomberg and later confirmed by cybersecurity outlet BleepingComputer, which had initially approached Viasat in February.
This marks another alarming escalation in Salt Typhoon’s long-running cyber campaign, which has explicitly targeted telecom infrastructure in at least two dozen countries, often seeking access to law enforcement wiretap systems and government communications.
Strategic Espionage: Why Viasat Matters in the Global Power Play
Viasat is no ordinary telecom. Its broadband satellite services support governments, armed forces, commercial aviation, maritime navigation, and remote energy infrastructure. The company’s KA-SAT service, previously breached by Russian actors during the 2022 Ukraine invasion, has become emblematic of how satellite communication is now a frontline in geopolitical cyber conflict.
In 2022, Russia’s GRU-linked hackers deployed AcidRain malware against KA-SAT, wiping thousands of satellite modems in Ukraine and across Europe; the disruption also reached 5,800 wind turbines in Germany. The incident showcased how vulnerable satellite networks are to sabotage with real-world consequences.
Salt Typhoon’s motives are believed to be intelligence-gathering rather than sabotage. Their recent attacks focused on exploiting unpatched Cisco IOS XE devices, a known vector for remote command execution, and breaching network management tools in telecoms to harvest sensitive information and credentials. Cybersecurity officials at the NSA and CISA recently flagged Comcast and Digital Realty as additional targets, further cementing Salt Typhoon’s expansive reach across the global digital backbone.
A Global Game of Infiltration
Salt Typhoon’s campaign, active since at least 2019, represents a concerted and evolving cyber-espionage strategy by the Chinese state, experts say. Operating as an advanced persistent threat (APT), the group has infiltrated telecom giants in the U.S. and abroad, exfiltrating metadata, surveillance intercepts, and, in rare cases, direct communications from government officials.
According to a joint FBI and CISA alert in October 2024, Salt Typhoon accessed U.S. law enforcement wiretapping systems and confidential communications of a “limited number” of government employees. These findings have sparked bipartisan concern in Washington and prompted renewed calls for aggressive hardening of critical infrastructure.
The implications are far-reaching. With Viasat’s satellites playing a role in global defence communications, any breach, even if customer impact is denied, raises serious questions about supply chain security, vendor trust, and the limits of current cyber defence postures.