Chinese telecom hackers likely holding stolen data ‘in perpetuity’ for later attempts, FBI official says

szakalikus/Getty Images

Featured eBooks
Health Tech
Read Now

CDM

Read Now

Future-Ready Workforce

Read Now
Insights & Reports
The Ultimate Guide to Identity for AI
Presented By Carahsoft
Download Now
The state of Federal Contracting within Government Agencies with Patrick Hughes
Presented By Carahsoft
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

“I think it’s important to say we do not know exactly what the [People’s Republic of China] intends to do with a lot of this information,” said FBI cyber official Michael Machtinger.

A Chinese state-backed hacking group that was discovered in telecom operators and other communications systems is likely holding onto pilfered data “in perpetuity” for future theft and cyber exploitation, a top FBI official said Thursday.

Salt Typhoon, as the group is widely known, accessed dozens of telecom providers around the world in a multi-year espionage campaign that was first publicly disclosed in 2024. In the U.S., the hackers targeted communications of top political officials by accessing the government’s “lawful intercept” systems that facilitate court-ordered wiretapping requests.

The breach has been widely deemed one of the worst telecom espionage intrusions in U.S. history. It remains unconfirmed whether the cyberspies have been fully purged from American networks.

“I think it’s important to say we do not know exactly what the [People’s Republic of China] intends to do with a lot of this information,” said FBI deputy assistant director for cyber intelligence Michael Machtinger at CyberScoop’s CyberTalks event. “But we have no doubt that it could be used for surveillance and certainly future exploitation.” 

“Presumably, this data, once stolen, will be held in perpetuity by the Chinese government and added and aggregated with everything else they have, and everything else they will steal from each and every one of us,” he said.

He added that Salt Typhoon, for certain, “stole information from well over a million Americans directly.”

The notion of holding onto exfiltrated data for future hacks is not novel, and is a common talking point among cyber officials and industry executives who note that such data can be a long-term value-add for foreign adversaries who want to build exploits and hacking tools for later operations. Stolen personal data can also be used for fraud attempts.

The FBI acknowledged last year that the telecom intrusions were in motion since at least 2019. Phone communications are a prime target for foreign intelligence services because they can provide a rich source of information about private governments’ discussions and other sensitive personnel details.

Lawmakers are still exploring the impact of the breaches. Sen. Maria Cantwell, D-Wash., said earlier this month that Verizon and AT&T are preventing the release of cyber intelligence documents tied to Salt Typhoon.

The hackers’ campaign also reached beyond U.S. networks. Norway recently said that Salt Typhoon broke into several organizations across the country. Last month, The Telegraph reported that the hackers also targeted phone calls of senior United Kingdom government officials on Downing Street.

NEXT STORY: US cyber responses will be ‘linked to adversary actions’ and involve industry coordination, official says