The Chinese hacking group, codenamed Salt Typhoon by Microsoft, exclusively collects counterintelligence on critical American assets and institutions during political campaigns.
A group of Chinese hackers has disrupted US telecommunications infrastructure after reports suggested that audio calls of political figures, including a campaign adviser to Donald Trump, were intercepted.
Reports also suggested that the Trump campaign was informed that the Republican presidential candidate and his running mate JD Vance were among a number of people inside and outside of government whose phone numbers were targeted through the breach of Verizon phone numbers.
Reuters also reported that Chinese hackers targeted phones used by people affiliated with the campaign of Kamala Harris.
The Federal Bureau of Investigation (FBI) and US cybersecurity authorities have confirmed they are investigating unauthorized access to commercial telecommunications infrastructure by a group of experts from China, codenamed ‘Salt Typhoon’. The authorities did not name the Trump campaign in the statement, nor was it clear what data was taken in the attack, reports said.
What is Salt Typhoon?
The Chinese group codenamed by Microsoft is suspected of using sophisticated techniques to hack into major systems – more recently, the American telecommunication companies. Microsoft has a practice of naming hacking groups after types of weather – ‘typhoon’ for hackers based in China, ‘sandstorm’ for efforts by Iran and ‘blizzard’ for operations done by Russia, as per The New York Times.
The term “salt” in the context of ‘Salt Typhoon’ denotes the group’s specialised focus on counterintelligence rather than conventional cybercrime involving corporate data theft or financial fraud.
Salt Typhoon exclusively collects counterintelligence on critical American assets and institutions during campaigns or political seasons.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said in their statement that collaborative efforts with private sector companies are underway to bolster cybersecurity defences. “After the FBI identified specific malicious activity targeting the sector, the FBI and CISA immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims.”
What Could Salt Typhoon Possibly Have Done?
According to US security officials, the data suggest that the group could have infiltrated major telecom companies, including but not limited to Verizon.
The New York Times reported that among the phones targeted were devices used by Trump and Vance.
The group’s effort is believed to be part of a larger operation to collect intelligence on Democrats, including staff members of both Vice-President Harris and Senator Chuck Schumer of New York, the majority leader, as per NYT.
How Serious is the Hacking?
The security agencies have categorised the magnitude of the phone breach as potentially transformative. The breach’s implications are sobering: US officials concede they may never fully know the extent of the data compromised, nor can they be sure the hackers have been fully ousted from these networks.
The data would be a wealth of useful intelligence that a foreign adversary like China could exploit. As per NYT, the information gained by ‘Salt Typhoon’ suggests that American data networks are more vulnerable than officials think.
Officials also said the hackers could have accessed information beyond the 2024 political campaign, which could have far-reaching national security implications.
The Wall Street Journal reported last month that a cyberattack linked to the Chinese government had infiltrated some US broadband providers’ networks and might have been able to get information from systems used by the federal government in FISA (Foreign Intelligence Surveillance) court wiretap efforts.
A spokesman for Verizon, Rich Young, said, as quoted by The New York Times, that the company was “aware that a highly sophisticated nation-state actor has reportedly targeted several US telecommunications providers to gather intelligence.” He said Verizon is assisting law enforcement agencies in the investigation and working to address any continuing problems.
What About Iranian Hackers?
Microsoft in its report released last week said that Iranian-government-linked hackers have researched and probed election-related websites in several US swing states.
The researching of election-related websites took place in April but was only recently discovered by Microsoft analysts. The hackers also “conducted reconnaissance of major US media outlets” in May, according to Microsoft.
According to US intelligence agencies, Iran had tried to inflame tensions during the 2024 election through hacking activity targeting Trump and by encouraging protests against US policy towards Israel.
As per a CNN report, there is no evidence that the Iranians’ reconnaissance and probing — which typically involves searching websites for vulnerabilities — has escalated to attempted hacks of those websites.
The Iranian Permanent Mission to the United Nations denied the allegations in a statement.