The scope of the Beijing-directed, years-long Salt Typhoon mega-hack that we learned about only in 2024 may not have been greater than investigators originally suspected. But investigators have now confirmed that Salt Typhoon certainly did much more damage than they originally could tell for sure (Wall Street Journal, August 27, 2025).
In addition to penetrating networks of U.S. telecommunications companies, an incursion that “swept up Donald Trump’s phone calls,” Salt Typhoon “targeted more than 80 countries, reaching across the globe to a far greater extent than investigators initially understood,” the Journal reports.
“This is one of the more consequential cyber espionage breaches we have seen here in the United States,” understates a top cyber official at the FBI, Brett Leatherman.
The scope of the intrusion allowed Chinese intelligence officers to potentially surveil U.S. citizens’ private communications and track their movements around the globe…. The agency estimates that the intruders likely obtained more than one million call records and targeted the telephone calls and text messages of more than 100 Americans….
The hackers were also able to access information from systems the federal government uses for court-authorized network wiretapping requests, one of the aspects of the breach that most concerned U.S. officials. “It should really set off alarm bells for all Americans,” Leatherman said.
The “Salt Typhoon” campaign dates back to at least 2019 but was only discovered by U.S. authorities last year. It allowed China-linked actors to access U.S. customer call data, private communications for a limited number of individuals, sensitive law-enforcement information and technical network information that could inform future attacks, The Wall Street Journal reported last year….
The FBI believes that the intruders are largely contained and that it is now better equipped to spot their activity. On Wednesday, it released a memo that provided new details of the Salt Typhoon intrusions, including technical information about the hackers designed to help companies find them in their networks. The document was signed by other U.S. agencies and intelligence and cybersecurity services in other countries, including the U.K., Canada, the Czech Republic, Finland and Poland.
The new U.S. memo or advisory says that the authoring agencies “strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA [cybersecurity advisory] to reduce the threat of Chinese state-sponsored and other malicious cyber activity.”
The FBI has notified some 600 companies around the world that they were targeted by Salt Typhoon.
The Wall Street Journal refers to the “range of known vulnerabilities” in software and devices linked to U.S. telecom networks that helped the assailants set up shop in this country. But the Journal’s report doesn’t mention the fact that—as James Roth has stressed in these pages—the U.S. government itself mandated the installation of many of these vulnerabilities. The feds wanted back doors installed to assist with their FISA-approved wiretapping. Roth’s comment: “Infrastructure for ‘lawful interception’ is just as available for unlawful interception.”
Where’s the proof!?
The CCP propagandists are disavowing any responsibility for the mega-hack and demanding proof of the PRC’s sponsorship.
Liu Pengyu, spokesman for the Chinese embassy in Washington DC, wants to know where the “conclusive and reliable evidence” is that his government was involved. Seems he’s waiting for truckloads of confidential data; what the hackers extracted wasn’t enough. The truckloads would not satisfy him. He’d still claim that the PRC is being framed. The PRC is always getting framed, spokesmen say.
Of course, officials of the government responsible for Salt Typhoon need no evidence to confirm in their own minds that they have done what they’ve done. They know. Maybe they haven’t advised Liu yet, as he is merely an official spokesman. Meanwhile, the rest of the world has the right idea.
Liu also says: “China firmly opposes and combats all forms of cyber attacks and cyber crime.” Okay.
Also see:
CISA: “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System” (August 27, 2025)