日本語
한국어
Tiếng Việt
简体中文
A sophisticated Chinese cyberespionage campaign, identified as “Salt Typhoon,” has potentially stolen sensitive information from millions of people in the United States over several years, according to a top FBI cyber official. The scale of this intrusion into telecommunications networks is unprecedented, raising alarms about national security and individual privacy.
“There’s a good chance this espionage campaign has stolen information from nearly every American,” revealed Michael Machtinger, Deputy Assistant Director for the FBI’s cyber division. Dispelling a common misconception, Machtinger emphasized that the threat extends beyond individuals in sensitive government or defense roles. “As we have seen from Salt Typhoon, this is no longer an assumption that anyone can afford to make.”
Global Reach of a Reckless Campaign
The Beijing-backed spying operation, which began at least as early as 2019, remained undetected by US authorities until last fall. A recent joint security alert issued by US law enforcement and intelligence agencies, alongside 12 other nations, confirmed that the espionage activity stretched far beyond an initial nine American telecommunications providers and government networks. Machtinger disclosed that at least 80 countries and approximately 200 American organizations, including major carriers like Verizon and AT&T, fell victim to these digital intrusions.
The alert also directly linked three China-based entities—Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology—to Salt Typhoon. These companies are believed to provide cyber products and services to China’s Ministry of State Security and the People’s Liberation Army.
“This is one of the most consequential cyber espionage breaches that we’ve ever seen in the United States,” Machtinger stated. He characterized the actions of the People’s Republic of China (PRC) through these proxy actors as “reckless and unbounded,” significantly deviating from established espionage norms. “The scale of indiscriminate targeting is unlike what we’ve seen in the past.”
Deep Surveillance and High-Profile Targets
This indiscriminate targeting allowed Chinese operatives to not only geo-locate millions of mobile phone users and monitor their internet traffic but, in some cases, even record phone calls. While Machtinger declined to confirm specific high-profile individuals, he did acknowledge that victims included over 100 current and former presidential administration officials, as well as campaign appointees from both major political parties.
For the broader population, Salt Typhoon collected “bulk information from millions of Americans.” However, for the more targeted, high-profile individuals, the data collection was “much deeper,” extending to “intercepting actual content.”
Beyond Salt Typhoon: A Broad Threat Landscape
The FBI has issued multiple warnings over the past year about various Chinese cyber operations. These include the Volt Typhoon intruders, who leveraged outdated routers to build a botnet capable of accessing US critical infrastructure, seemingly prepositioning for potential destructive cyberattacks. Another China-linked group, Silk Typhoon, has spent over a decade compromising IT and cloud providers to pilfer sensitive data from their government, technology, education, and legal sector clients.
Machtinger underscored that China is not the sole source of cyber threats. Russia, Iran, North Korea, along with international and domestic cybercriminals, relentlessly target individuals and organizations. “These actors are going to continue their efforts, and they’re going to get more sophisticated,” he warned.
Strengthening Cyber Defenses
In response to the escalating threats, the FBI urges a nationwide commitment to cybersecurity. “We need to make sure that we, as a nation, are taking cybersecurity seriously, updating systems, removing end-of-life devices, and making it as hard and costly as possible for the myriad of actors that are out there to successfully compromise,” Machtinger concluded.