Chinese Hackers Breach Infrastructure Providers

Security experts had long warned of sophisticated state-sponsored cyber threats, but the scope of Chinese hackers’ infiltration of U.S. telecommunications infrastructure exceeded even the most dire predictions, with at least nine major internet service providers compromised by August 2024.

The breached companies included AT&T, Verizon, Lumen Technologies, and T-Mobile, marking one of the most extensive cyber espionage campaigns against American telecommunications networks in recent history.

Major U.S. telecommunications giants fell victim to one of the most damaging cyber espionage operations in American history.

Microsoft threat researchers identified that these intrusions had been ongoing for over a year before detection, highlighting the sophisticated nature of the attacks. The hackers, linked to the advanced persistent threat group Salt Typhoon and China’s Ministry of State Security, exploited zero-day vulnerabilities in Versa Director and unpatched Fortinet and Cisco network devices.

They gained access to high-level network management accounts that lacked multi-factor authentication, establishing persistent access to critical telecommunications infrastructure.

The impact of these breaches was staggering in scope. Hackers accessed metadata from over one million users, including date and time stamps, source and destination IP addresses, and phone numbers.

High-profile targets included staff from the Kamala Harris 2024 presidential campaign and phones belonging to Donald Trump and JD Vance. Most concerning, the attackers compromised wiretapping systems used for court-authorized surveillance activities, potentially exposing sensitive government intelligence operations.

The Chinese government allegedly employed “hackers-for-hire” tactics, paying private companies like Anxun Information Technology Co., Ltd. to obscure government connections. In one particularly egregious case, hackers breached an Asian telecommunications company and remained undetected for over four years, demonstrating the long-term nature of these operations.

The U.S. government responded with unprecedented enforcement actions. On March 5, 2025, the Justice Department announced charges against 12 Chinese nationals for hacking activities.

The Treasury Department imposed sanctions on identified hackers and their organizations, while the State Department offered rewards of up to $10 million for information on specific perpetrators. The attacks extended beyond telecommunications to include breaches of Treasury Department systems and other critical U.S. government networks.

Federal agencies also disrupted over 200,000 compromised routers, cameras, and connected devices being used by the China-based hacking group Flax Typhoon. Senator Mark Warner characterized the incident as the worst telecom hack in U.S. history, reflecting the severity of the national security implications.
