Senator says AT&T and Verizon blocked release of Salt Typhoon security reports

Sen. Maria Cantwell (D-WA) speaks t during a hearing in the U.S. Capitol on December 17, 2025 in Washington, DC.

Sen. Maria Cantwell (D-WA) speaks t during a hearing in the U.S. Capitol on December 17, 2025 in Washington, DC. Heather Diehl/Getty Images

Featured eBooks
CDM
Read Now

Future-Ready Workforce

Read Now

Health Tech

Read Now
Insights & Reports
From Ambition to Action: Modernizing Federal Healthcare IT
Presented By Google Public Sector
Download Now
Smarter Contracting for Federal Agencies and Government Contractors
Presented By Carahsoft
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

“AT&T and Verizon apparently intervened” to block a major cyber intelligence firm from sending documentation about the telecom hackers, Sen. Maria Cantwell wrote in a letter.

Sen. Maria Cantwell, D-Wash., said Tuesday that Verizon and AT&T are preventing the release of documents tied to Salt Typhoon, a Chinese cyber collective that infiltrated U.S. telecom networks and other communications systems around the world.

Cantwell wrote in a letter that she sought network security assessments conducted by Google-owned cybersecurity firm Mandiant, but said the company declined to hand over the materials after receiving direction from both AT&T and Verizon.

Now, Cantwell wants the companies' chief executives to testify before Congress.

Both carriers, which were accessed by the hackers at some point before the breaches were discovered in 2024, “have chosen not to cooperate, which raises serious questions about the extent to which Americans who use these networks remain exposed to unacceptable risk,” Cantwell wrote in a letter addressed to Senate Commerce Committee Chairman Ted Cruz, R-Texas. Cantwell serves as ranking member of the panel.

“The Commerce Committee discussed Salt Typhoon and other cybercommunications threats in its December hearing, ‘Signal Under Siege: Defending America’s Communications Networks,’” a Commerce Committee spokesperson said in a statement when asked about the letter.

Mandiant and AT&T declined to comment. Nextgov/FCW has also asked Verizon for comment.

Cantwell said AT&T and Verizon acknowledged the existence of cybersecurity assessments detailing vulnerabilities in their networks, but then blocked both Congress and the firm that conducted the reviews from sharing those findings.

She “wrote to Mandiant requesting copies of these reports and other relevant documentation. But AT&T and Verizon apparently intervened to block Mandiant from cooperating with my requests,” the letter says.

The FBI assessed last year that Salt Typhoon targeted over 80 countries and said some 600 organizations were notified of potential compromise. Deemed one of the worst intelligence breaches in U.S. history, Chinese cyberspies also compromised several carriers’ “lawful intercept” systems that facilitate court-ordered wiretap requests, allowing them to target key officials’ phone calls, including President Donald Trump and Vice President JD Vance.

The dynamic described by Cantwell mirrors a similar matter reported by Nextgov/FCW this past June in which two major U.S. telecom operators’ incident response staff were instructed by outside counsel not to look for signs of Salt Typhoon presence, a person familiar said at the time. The person declined to name the firms because the matter is sensitive.

NEXT STORY: AI info-sharing center is in development, CISA official says