'Large number' of Americans' metadata stolen in cyberespionage campaign by Chinese hackers

A Chinese hacking group called "Salt Typhoon" has attacked eight American telecommunication companies. This cyberespionage campaign has also impacted communications in dozens of countries, with the hackers stealing a large amount of American metadata, a senior White House official revealed on Wednesday.
Deputy National Security Advisor Anne Neuberger disclosed the scope of the campaign, which granted Chinese officials access to private text messages and phone calls, including those of senior US government officials and prominent political figures.
The announcement followed Tuesday's joint advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) offering guidance to help organizations identify and remove malicious actors. The White House warned that the number of affected telecom firms and nations could rise as investigations continue.
While the hackers targeted specific individuals, raising concerns about potential ongoing vulnerabilities, Neuberger assured the public that classified communications remain secure.
“We don't believe any classified communications has been compromised,” Neuberger stated during a press briefing. She emphasized the ongoing risk to communications until companies fully address the exploited security gaps, noting that none have yet completely removed the Chinese hackers from their networks.
This incident follows a confirmed October report of Chinese hackers targeting the phones of then-presidential candidate Donald Trump, his running mate J.D. Vance, and individuals associated with then-candidate Kamala Harris.
The Chinese embassy in Washington denied involvement on Tuesday, with spokesperson Liu Pengyu stating, “The U.S. needs to stop its cyberattacks against other countries and refrain from using cyber security to smear and slander China."
Neuberger also highlighted previous efforts to strengthen cybersecurity in critical sectors like rail, aviation, and energy following the 2021 Colonial Pipeline ransomware attack. She emphasized the need for similar cybersecurity practices across telecommunications to prevent future incidents.