China-backed hackers breach US telecom networks

The list of telecommunications victims in the Salt Typhoon cyberattack continues to grow. A new report names Charter Communications, Consolidated Communications, and Windstream among those breached by Chinese government spies. AT&T, Verizon, and Lumen Technologies had previously disclosed that their networks had been compromised.

The White House stated that Salt Typhoon had breached at least nine companies. The Wall Street Journal report adds Charter, Consolidated, and Windstream to the list of compromised telecom companies. These companies declined to comment.

The report also included T-Mobile among the affected networks. However, a T-Mobile spokesperson refuted these claims, stating that “T-Mobile is not one of the nine being referenced by the government.”

The WSJ disclosed that the PRC spies exploited unpatched network devices from Fortinet and Cisco to infiltrate the networks. In one of the breaches, the intruders gained control of a “high-level network management account” that lacked multi-factor authentication.

This gave them access to over 100,000 routers.

China-backed hacks hit US telecom networks

This unauthorized access, which reportedly occurred in AT&T’s networks, may have allowed the hackers to reroute traffic back to China and erase their digital footprints.

This development follows a 2024 warning from the Justice Department about another Chinese-government-linked group, Volt Typhoon. Volt Typhoon had compromised Cisco routers with malware to infiltrate US energy, water, and manufacturing facilities. More recently, there have been reports of Volt Typhoon exploiting old Cisco routers to breach critical infrastructure networks.

Chinese government-linked hackers have previously targeted Fortinet vulnerabilities in other cyberattacks. AT&T, Cisco, and Fortinet did not immediately comment on these incidents. In a parallel development, Chinese spies reportedly breached US Treasury Department workstations in late 2024.

This marked a year filled with targeted intrusions into American critical infrastructure networks. According to CrowdStrike Senior VP of Counter Adversary Operations Adam Meyers, these digital break-ins signal a shift from conventional spying to preparatory actions for future cyber conflicts. “Every organization should consider this a warning that hostile nation-state entities are active,” Meyers stated.

If your business has ties to the international ecosystem or provides critical infrastructure services, you are in the line of fire.
