The FBI, joined by an unusually broad coalition of international intelligence agencies, has warned that a sweeping Chinese government-backed hacking campaign has breached at least 200 U.S. organizations and extended its reach to 80 countries worldwide. The joint advisory, highlighted in The Washington Post, underscores what officials describe as a united global front against one of the most significant cyber-espionage campaigns in modern history.
The advisory brought together the Five Eyes alliance—the U.S., U.K., Canada, Australia, and New Zealand—alongside intelligence agencies from Finland, the Netherlands, Poland, and the Czech Republic. This rare alignment signals growing concern over the scale and severity of the attacks. “The expectation of privacy here was violated, not just in the US, but globally,” said Brett Leatherman, Assistant Director of the FBI’s cyber division.
According to investigators, the campaign has been linked to Salt Typhoon, a hacker group associated with China’s People’s Liberation Army and Ministry of State Security. The hackers allegedly infiltrated major telecommunications providers, extracting call records and even some law enforcement directives, allowing them to map out communication networks, including those tied to individuals under espionage suspicion. Leatherman confirmed that prominent U.S. politicians from both parties were among those impacted.
Officials revealed that the operation involved three private Chinese companies working alongside state units. Unlike traditional espionage campaigns, these companies were reportedly granted freedom to select their own targets, drastically widening the scope. Beyond telecom, industries such as hospitality and transportation were also compromised. “This shows much more broad, indiscriminate targeting of critical infrastructure across the globe in ways that go well outside the norms of cyberspace operations,” Leatherman emphasized.
The intrusions, first reported a year ago, are now being described as among the most consequential cyber breaches in history. Security experts caution that the campaign reflects Beijing’s intensifying offensive, with additional concerns that destructive capabilities may already be embedded in critical infrastructure such as power and water utilities.
Although the Cybersecurity and Infrastructure Security Agency (CISA) helped draft the advisory, it declined further comment. Critics, however, argue that previous funding cuts to CISA weakened U.S. defenses against such threats. Despite ongoing remediation efforts, officials admit uncertainty about whether the hackers have been fully expelled. Leatherman warned that hidden backdoors could allow re-entry: “Just because it was secure six months ago does not mean it is now.”
The advisory includes a detailed list of compromised devices, hacker techniques, and guidance for organizations to detect intrusions and bolster cybersecurity defenses.
