The FBI has revealed that a Chinese-backed hacking group known as Salt Typhoon has compromised the networks of more than 200 companies across the United States. The operation, which has been active for years, highlights the growing cybersecurity threat posed by state-sponsored groups.
According to Brett Leatherman, the FBI’s assistant director for cyber, the scale of the campaign extends far beyond U.S. borders. In fact, companies in at least 80 other countries have also been affected. While specific victims were not named this time, past reports confirmed that major telecom giants such as AT&T, Verizon, and Lumen were targeted. Additional companies like Charter Communications and Windstream were later identified among those hit.
The hackers’ primary objective was to gather intelligence by intercepting sensitive call records. By doing so, they were able to trace communications between high-ranking American officials and political figures. This included identifying not only who these leaders were in contact with but also uncovering individuals under U.S. surveillance orders. The severity of the breaches once forced the FBI to recommend that Americans use encrypted messaging apps to keep their communications private.
A joint security advisory released on Wednesday—backed by the FBI and nearly two dozen international partners—shed further light on Salt Typhoon’s methods. The group is known to exploit vulnerabilities in company routers to gain access and reroute network traffic, giving them direct visibility into confidential data. The advisory also provided organizations with technical instructions to detect and mitigate these intrusions.
Leatherman emphasized in his remarks that the Chinese cyber campaign remains an “ongoing” and active threat. The FBI continues to work with both domestic companies and global partners to track the hackers’ activity and to strengthen defenses against future attacks.
The revelation underscores the scale and persistence of nation-backed cyber-espionage efforts, with China emerging as one of the most aggressive players. For businesses, the case serves as a stark reminder of the importance of robust cybersecurity measures and timely updates to critical network infrastructure.
With the number of victims continuing to rise, Salt Typhoon’s activities represent not just an attack on individual companies but a direct challenge to national security and global digital stability.
