White House Warns of Salt Typhoon Hacker Threat Greater Than Anticipated

Further concerning information surrounding the activities of the Chinese state-sponsored hacking group tracked as Salt Typhoon continues to emerge, with senior officials revealing during a December 4, 2024, White House briefing that eight U.S. telecommunications companies have been infiltrated—four of which were only recently disclosed. These cyberattacks, which began "likely one to two years ago," according to Deputy National Security Adviser Anne Neuberger, are part of a broader global espionage campaign affecting dozens of countries. Salt Typhoon’s operations targeted senior U.S. government officials and prominent political figures, exploiting vulnerabilities in telecom networks to intercept private communications. Neuberger confirmed, “We don’t believe any classified communications have been compromised,” but raised serious concerns, noting that the compromised organizations “have [not] fully removed the Chinese actors from these networks.” This aligns with a statement from a senior CISA official reported by BleepingComputer: “We cannot say with certainty that the adversary has been evicted, because we still don't know the scope of what they're doing. We're still trying to understand that, along with those partners," emphasizing the severity of the breaches.

Federal agencies, including the FBI and CISA, have issued technical guidance urging telecommunications companies to implement minimum cybersecurity standards, such as encryption, multi-factor authentication, and proactive monitoring for network anomalies. Neuberger stressed the urgency of these measures, stating that the White House “has made it a priority for the federal government to do everything it can to get to the bottom of this.” The implications of Salt Typhoon’s activities extend beyond U.S. borders, with telecom systems targeted worldwide. "The Chinese compromised private companies exploiting vulnerabilities in their systems as part of a global Chinese campaign that's affected dozens of countries around the world," Neuberger added. Given the ongoing threat and the insecurity of communications, U.S. officials have advised individuals to adopt encrypted messaging applications to safeguard sensitive data.