US officials have accused hackers linked to the Chinese government of breaching security at major telecommunications companies and federal agencies, marking the latest escalation in cyber tensions between the two nations. The most recent attack targeted the US Department of the Treasury, with officials labeling the infiltration a “major incident.”
A Widening Cyber Offensive: What’s Been Hacked?
The Treasury Department hack, announced Monday, comes on the heels of other alarming cyber incidents involving US and Western entities. Officials revealed that the hackers gained access to employee workstations and some unclassified documents, escalating fears about the scope of China’s cyber operations. China has denied involvement, but the pattern of breaches tells a different story.
This breach follows news from late October that hackers affiliated with the People’s Republic of China targeted both major US presidential campaigns. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the attack on White House campaign networks, raising concerns about electoral integrity. Earlier this year, an operation successfully breached telecommunications firms, including industry giants AT&T and Verizon, exposing sensitive corporate and consumer data. Additionally, seven Chinese nationals were charged in March for running a 14-year-long hacking operation targeting foreign critics, businesses, and politicians.
Globally, China’s cyber operations have extended beyond the US. The UK’s Electoral Commission and parliaments in New Zealand and the UK have also fallen victim to Chinese-linked hacking groups, demonstrating a sophisticated and wide-reaching cyber campaign.
Who Are the Hackers Behind the Attacks?
The hacks are attributed to various groups believed to be connected to the Chinese state. These groups, often given nicknames by cybersecurity firms, operate with distinct strategies and objectives. The group responsible for breaching telecommunications companies is known as “Salt Typhoon,” a name coined by Microsoft researchers. Other firms have identified the same group under aliases such as Famous Sparrow, Ghost Emperor, and Earth Estrie.
Another group, nicknamed “Volt Typhoon,” has been accused of targeting critical infrastructure organizations, aiming for potential disruption attacks rather than immediate theft. Meanwhile, the seven Chinese nationals charged earlier this year were linked to an operation known as “Zirconium” or “Judgment Panda,” which targeted prominent critics of the Chinese government.
The UK’s National Cyber Security Centre has also implicated Judgment Panda in hacking the emails of UK parliamentarians in 2021, further highlighting the group’s global reach. Experts suggest that these groups are highly coordinated and operate under the directive of the Chinese government to collect data and undermine foreign interests.
What Was Collected During the Hacks?
The recent wave of hacks appears to have targeted high-profile individuals and data with potential strategic value to the Chinese government. Among those affected were President-elect Donald Trump, Vice-President-elect JD Vance, and staffers working for Vice President Kamala Harris’s campaign. These breaches underscore the hackers’ focus on gathering politically sensitive intelligence.
Another troubling revelation involves the hackers accessing a database containing phone numbers under law enforcement wiretaps. Such information could enable foreign operatives to identify spies under surveillance, potentially compromising critical investigations.
Millions of Americans may have had their personal data exposed through attacks on telecommunications companies, which are crucial repositories of sensitive consumer information. Experts, like Richard Forno from the University of Maryland’s Cybersecurity Institute, believe these efforts represent a broad data collection campaign. “It’s more generic information gathering, let’s see what we can get into, and see what we can find,” Forno explained.
As the US grapples with these cybersecurity threats, the breaches serve as a stark reminder of the growing sophistication of state-sponsored cyber operations and the vulnerabilities in critical infrastructure worldwide.
How Worried Are US Officials?
U.S. lawmakers from both major political parties have voiced grave concerns about the cybersecurity breach attributed to Salt Typhoon, a Chinese hacking group. Senator Mark Warner, a leading Democrat, described the incident as “the worst telecom hack in our nation’s history,” highlighting the profound national security implications.
Brendan Carr, the Trump-nominated chairman of the Federal Communications Commission, echoed similar concerns, calling the intelligence briefing on the hack “deeply, deeply concerning.” Speaking to CNBC, Carr admitted that the revelations made him consider drastic actions like “smashing his phone.” FBI Director Christopher Wray further amplified the alarm by describing the hack as China’s “most significant cyber-espionage campaign in history.” Wray also reiterated previous warnings about the scale of China’s hacking program, asserting that it is larger than those of all other major nations combined.
Western Allies and Their Reactions
The U.S. response to Salt Typhoon’s activities extends beyond rhetoric. Earlier this month, U.S. authorities charged seven Chinese nationals linked to the hacking campaign. Additionally, they issued a warning to China Telecom Americas, the U.S. branch of one of China’s largest communications firms, designating it a national security threat. The company now faces a 30-day deadline to respond and could ultimately face an operational ban in the United States.
Mike Waltz, Trump’s incoming national security adviser, emphasized the need for higher costs and consequences for foreign hackers. His sentiments were echoed by Richard Forno of the UMBC Cybersecurity Institute, who suggested that the hacking campaign was likely years in the making. Forno criticized the U.S. for its reactive approach to cybersecurity compared to China’s long-term, strategic methods.
China’s Official Response
China has denied all allegations, with Foreign Ministry spokeswoman Mao Ning calling the accusations “baseless” and “lacking evidence.” Ning reaffirmed China’s opposition to all forms of hacking and accused the U.S. of using cybersecurity issues for political purposes.
Meanwhile, a Chinese embassy spokesperson accused the U.S. of spreading disinformation and smearing China’s reputation. “The U.S. needs to stop using cybersecurity to slander China and spreading all kinds of disinformation about so-called Chinese hacking threats,” the spokesperson said in a statement.
This escalating cyber conflict underscores a widening chasm in U.S.-China relations, with global implications for cybersecurity and international diplomacy.