The Salt Typhoon hackers didn’t just break into telecom networks. They got inside the wiretapping systems themselves. That single fact changes how security experts understand this breach — and what comes next.
On August 27, 2024, The Washington Post reported that at least two major U.S. internet service providers had been compromised by Chinese hackers. That number later grew to nine firms, including AT&T, Verizon, Lumen Technologies, and T-Mobile. The attackers, linked to China’s Ministry of State Security through an advanced persistent threat group known as Salt Typhoon, accessed sensitive metadata from over a million users. Date and time stamps. Source and destination IP addresses. Phone numbers.
But the real story is what they did with that access. The hackers breached the systems used to conduct court-authorized wiretapping. That is not a routine backdoor. That is the government’s own surveillance infrastructure, turned against the government.
The metadata haul itself is staggering. Over a million users. But metadata tells a story. It maps relationships, movements, patterns of life. When you know who called whom, when, and from where, you know a lot. You know who a person’s doctor is. Who their lawyer is. Who they meet at 2 a.m. You do not need the content of the call when the metadata is this rich.
The breach hit political operatives directly. Staff of the Kamala Harris 2024 presidential campaign were affected. So were phones belonging to Donald Trump and JD Vance. That is not collateral damage. That is targeting. The attackers went after the people at the top of the U.S. political system.
Salt Typhoon is not a new player. The group has been tracked for years. But this attack marks a clear escalation. Breaking into commercial telecoms is one thing. Getting into the wiretap systems is another. It suggests the hackers either had insider knowledge or spent years mapping the infrastructure. Either possibility is bad.
China’s Ministry of State Security runs these operations. That is not speculation. Attribution is firm. The MSS has a long history of cyber espionage, but targeting the U.S. telecommunications sector at this scale is a step up. It signals that Beijing is willing to risk open confrontation in cyberspace.
The implications are grim. If the hackers can access wiretapping systems, they can monitor who the FBI is monitoring. They can see which targets the U.S. government considers threats. They can potentially alter or disrupt those wiretaps. They can feed false information into the system.
Telecom networks are the backbone of modern communication. Every call, every text, every data packet flows through them. Compromising nine major providers gives the attackers a panoramic view of American life. Not just politics. Business. Finance. Personal relationships. Medical consultations. Everything.
This is not a one-off hack. It is a strategic operation. The attackers did not grab data and run. They established persistent access. They burrowed deep. They will be back. They likely never left.
The investigation continues. More details will emerge. But the core reality is already clear: the U.S. telecommunications sector suffered a catastrophic breach, and the people responsible work for a foreign government. That is not a technical problem. That is a national security crisis.
