We’ve heard this before about China’s massive cyberattacks on U.S. telecommunication networks: they were too easy. And the cyberattacking is still too easy. The barn door was open and unlocked and has yet to be closed and locked (War on the Rocks, January 29, 2026).
In December 2025, the Senate Commerce Committee aired a blunt conclusion about Salt Typhoon, the Chinese state-sponsored cyber espionage campaign against U.S. telecommunications networks and critical infrastructure: America’s networks remain vulnerable, and telecom firms like Verizon, AT&T, T-Mobile, and others still have not convincingly shown they have evicted the intruders. The Senate hearing cited basic failures, such as legacy equipment, weak passwords, and years-old patches that were never applied, as key reasons the breach succeeded….
The uncomfortable lesson of Salt Typhoon is not that Beijing has futuristic capabilities. It’s that Washington often treats major intrusions as proof of overwhelming adversary sophistication, when in reality, basic, preventable weaknesses still account for much of the vulnerability. A 2025 joint advisory issued by U.S. and allied intelligence agencies warned that Chinese state-sponsored threats have targeted networks globally—especially telecommunications—and that these actors have not relied on zero-day exploits. Instead, they often succeed by manipulating publicly known vulnerabilities and avoidable weaknesses.
Ongoing access to our networks enables Beijing to collect intelligence, disrupt service, and “selectively intercept or expose private communications…. While Salt Typhoon is best understood as an espionage campaign based on communications access, Volt Typhoon has been framed as pre-positioning for potential disruption of critical infrastructure ahead of a military attack.”
Private companies have been sloppy. But the situation is worse than it had to be. By forcing telecom firms to provide “ ‘lawful intercept’ wiretap interfaces,” the federal government has invited the incursions by China and others.
As remedy, War on the Rocks suggests that the U.S. government “regulate telecom networks as critical infrastructure. This means moving beyond purely voluntary frameworks and enforcing mandatory safety baselines, like structural inspections required for bridges or pre-flight checks for commercial aviation.” And that the government stop mandating back doors and weak encryption.
Also see:
StoptheCCP.org: “How to Thwart China’s Cyberattacks”
“Infrastructure for ‘lawful interception’ is just as available for unlawful interception.”
