China Used Three Private Companies to Hack Global Telecoms, U.S. Says

A coalition of U.S. agencies and 12 allied governments has revealed that three private Chinese companies played a crucial role in one of the most daring hacking operations to date, including snooping on text messages from high-profile campaigns such as Kamala Harris' and Donald Trump's.

The operation, known as Salt Typhoon, targeted telecommunication companies around the world, including AT&T and Verizon last year. This allowed China to potentially access text and telephone communications between millions of people and track their locations. The shocking details were revealed in a 37-page technical report released by the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency, as well as intelligence and law enforcement bodies from Australia, Canada, Germany, Japan, and the United Kingdom, among others.

The campaign, which has been ongoing since 2021, also targeted government, transportation, lodging, and military infrastructure networks around the world. According to an FBI spokesperson, Salt Typhoon has hacked more than 200 companies across 80 countries. NBC News reported in July that the Defense Department quietly concluded this year that Salt Typhoon had also broken into at least one state's National Guard network for nearly a year before it was detected.

The three private Chinese companies involved in the operation are Beijing Huanyu Tianqiong Information Technology, Sichuan Zhixin Ruijie Network Technology, and Sichuan Juxinhe Network Technology. While the Treasury Department sanctioned the Sichuan-based Sichuan Juxinhe Network Technology over Salt Typhoon activity in January, Western governments had not previously accused the other two companies of global hacking operations.

Little information about the companies is available online, and they could not be reached for comment. A spokesperson for China's embassy in Washington did not immediately respond to a request for comment.

The Chinese government has denied involvement in overseas hacking activities and has accused the U.S. and its allies of similar behavior. However, experts say it is remarkable that the three firms appeared to be actual functioning companies, not merely fronts for Chinese intelligence. "Which means the MSS [Ministry of State Security] effectively used three private companies working in collaboration to hit some of the most important collection targets on the planet," said Dakota Cary, a China analyst at the cybersecurity company SentinelOne.

"It is inconceivable that the U.S. would ask a private company to hack Xi's phone," he added, referring to Chinese President Xi Jinping. While Salt Typhoon does not exclusively hack telecommunications companies, it has proven remarkably adept at doing so. Its hack of AT&T and Verizon alone gave China access to phone data on more than a million people in the Washington, D.C., area.

The kind of access provided by Salt Typhoon gives intelligence agencies the potential not only to spy on phone calls and text messages but also to track people's locations. The report found that "the data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets' communications and movements around the world."

AT&T and Verizon have said they have removed the hackers from their systems, although they remain vulnerable to being broken into again. The implications of Salt Typhoon are far-reaching, highlighting the importance of global cooperation in preventing cyber attacks and protecting sensitive information.