Salt Typhoon
Chinese state-sponsored (MSS-linked) · Signals intelligence / lawful intercept compromise
Tactics, Techniques & Procedures (TTPs)
- Compromise of telecoms lawful intercept infrastructure (CALEA systems)
- Persistent access to carrier-grade network equipment
- GhostEmperor rootkit for deep kernel-level persistence
- Targeting of government and political communications
- Lateral movement through peering relationships
Known Targets
Analyst Notes
Salt Typhoon is responsible for one of the most significant intelligence collection campaigns against Western telecoms infrastructure. Access in some carriers persisted for over 18 months after initial disclosure.
Also Known As
Intelligence Reports
Salt Typhoon: How China Compromised the West's Wiretap Infrastructure
The Salt Typhoon campaign against US and European telecommunications carriers was not a data breach in any conventional sense. It was a strategic intelligence operation targeting the systems governments use to conduct lawful surveillance.
Salt Typhoon Access Persists in European Telecoms More Than a Year After Initial Disclosure
Fourteen months after the US disclosed Salt Typhoon's compromise of major American carriers, intelligence assessments confirm the same group retains access inside at least two major European telecommunications networks.