A sophisticated breach of U.S. telecommunications systems has extended to the presidential campaigns, raising questions about the group behind the attack and the extent of its efforts at collecting intelligence.
It was unclear what data was taken in the attack. The far-reaching operation has been linked to the Chinese government and attributed to a group experts call Salt Typhoon. Investigators believe hackers took aim at a host of well-connected Americans, including the presidential candidates — reflecting the scope and potential severity of the hack.
Here’s what to know.
What is Salt Typhoon?
Salt Typhoon is the name Microsoft cybersecurity experts have given to a Chinese group suspected of using sophisticated techniques to hack into major systems — most recently, U.S. telecommunication companies. The moniker is based on Microsoft’s practice of naming hacking groups after types of weather — “typhoon” for hackers based in China, “sandstorm” for efforts by Iran and “blizzard” for operations mounted by Russia. A second term, in this case “salt,” is used to denote the type of hacking. Experts say Salt Typhoon seems to be focused primarily on counterintelligence targets, unlike other hacking groups that may try to steal corporate data, money or other secrets.
What do U.S. officials think Salt Typhoon has done?
National security officials have gathered evidence indicating the hackers were able to infiltrate major telecom companies, including but not limited to Verizon.
The New York Times reported Friday that among the phones targeted were devices used by former President Donald Trump and his running mate, Sen. JD Vance of Ohio. The effort is believed to be part of a wide-ranging intelligence-collection effort that also took aim at Democrats, including staff members of both Vice President Kamala Harris’ campaign and Sen. Chuck Schumer of New York, the majority leader.
How serious is this hacking?
National security officials are still scrambling to understand the severity of the breach, but they are greatly concerned if, as it appears, hackers linked to Chinese intelligence were able to access U.S. cellphone and data networks. Such information can provide a wealth of useful intelligence to a foreign adversary like China.
To some degree, the breach represents a continuation of data collection on the types of targets that spies have been gathering for decades. In this instance, however, the sheer quantity and quality of the information Salt Typhoon may have gained access to could put the intrusion into its own category, and suggests that U.S. data networks are more vulnerable than officials realized.
What did the hackers get?
At this stage, that is still unclear. One major concern among government officials is whether the group was able to observe any court-ordered investigative work, such as Foreign Intelligence Surveillance Act collection — a highly secretive part of American efforts to root out spies and terrorists.
No one has suggested yet that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be if they were able to see who was in contact with candidates and elected officials, and how often they spoke and for how long. That kind of information could help any intelligence agency understand who is close to senior decision-makers in the government.
People familiar with the investigation say it is not yet known if the hackers were able to gain access to that kind of information; investigators are reasonably confident that the perpetrators were focused on specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.
Like the weather, hacking is never really over, and the Salt Typhoon breach may not be over either. It is also possible that the United States may never learn precisely what the hackers got.
This article originally appeared in The New York Times.
© 2024 The New York Times Company