It recently emerged that Salt Typhoon, a state-sponsored Chinese hacker group, infiltrated at least 200 U.S. companies and penetrated networks in more than 80 countries.
The operation, one of the most extensive in modern cyberespionage, lays bare the fragility of global infrastructure in times of “peace.”
A long shadow over digital security
By: Gabriel E. Levy B.
The history of technological espionage did not begin with Salt Typhoon, but its scope casts a shadow that reconfigures the way we understand power in the 21st century.
From the first coordinated attacks against government systems in the 1990s, to campaigns such as Titan Rain in 2003, also attributed to Chinese actors, digital warfare escalated without the roar of the trenches, but with profound consequences.
Shoshana Zuboff, in The Age of Surveillance Capitalism (2019), warned that data has become the new oil, disputed by companies and states. This struggle ceased to be merely economic when states discovered that civilian infrastructure could be transformed into a strategic weapon.
In this field, China designed a state policy of cyber control and digital espionage as an extension of its national security project and geopolitical expansion.
Salt Typhoon is part of that logic.
Unlike other groups, it did not seek to innovate with unknown techniques, but to exploit cracks that were already open. It used public vulnerabilities and tools available to anyone with intermediate knowledge, and applied them with military systematicity. The difference was not in ingenuity, but in the scale and persistence of the operation.
Understanding Salt Typhoon
Salt Typhoon is the name Microsoft gave to a group of Chinese hackers directly linked to the state, the Ministry of State Security and the People’s Liberation Army.
Its specialty consists of attacks against large-scale critical infrastructure, not only in the United States, but also in dozens of countries in Europe, Asia and Oceania.
This collective does not come out of nowhere: it is part of a tradition of Chinese cyber operations that dates back to the early 2000s, when campaigns such as Titan Rain, detected in 2003, already evidenced systematic attempts to infiltrate Western military and government networks.
Over the past decade, names like APT10 (also known as Cloud Hopper) and APT41 cemented China’s reputation as a cyberespionage powerhouse, combining intellectual property theft with strategic global surveillance goals.
Salt Typhoon inherits that logic, but introduces a notable difference: instead of relying on innovative attacks with zero-day vulnerabilities, it takes known flaws and exploits them massively, persistently, and silently.
Its goal is not simply to disrupt services or steal timely information, but to embed itself in systems, alter firmware, and remain hidden for as long as possible to collect sensitive data and trace the communication networks of political, business, and military elites.
In this way, it becomes a central player in the new phase of cyberconflict, in which scale, persistence and the capacity for global disruption matter more than isolated technical sophistication.
The Recent Attack
The campaign attributed to the Salt Typhoon group, under the umbrella of the Chinese state, revealed an unprecedented capacity for infiltration into the global communications infrastructure.
The attack began surgically against nine major telecommunications operators in the United States, including Verizon, AT&T, T-Mobile and Lumen.
Once access to these central nodes was secured, the hackers expanded their radius of action to other industries and countries, weaving an espionage network that reached at least 200 U.S. organizations and more than 80 nations on different continents.
The mechanism consisted of an expansive logic: compromising the most strategic connection points and then radiating the interference to sectors such as transportation, accommodation, government institutions and even military networks.
According to Brett Leatherman, an FBI cybersecurity official, it was a “much broader and indiscriminate attack on critical infrastructure around the world,” which went beyond the unspoken norms that until now regulated confrontation in cyberspace.
Faced with this scenario, allied security agencies resorted to the Five Eyes cooperation agreement, made up of the United States, the United Kingdom, Canada, Australia and New Zealand, and expanded the coalition by adding Finland, the Netherlands, Poland and the Czech Republic, in a common front that sought to contain the magnitude of the offensive.
The investigation identified as responsible three Chinese companies that, under the guise of private firms, would have offered services to the People’s Liberation Army and the Ministry of State Security: Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology.
The most disturbing paradox lies in the fact that these same companies, turned into cogs in the espionage machinery, were also victims of leaks: part of their internal data appeared in clandestine forums on the dark web, which opens the possibility that critical information about their operations could remain in the hands of other actors, state or criminal.
This double edge shows the structural fragility of a digital ecosystem where the perpetrators of surveillance also end up surveilled.
An unprecedented coalition against espionage
The international coalition of 13 countries, including the United States, Britain, Australia and Japan, issued a joint warning against Chinese operations.
For the first time, governments traditionally jealous of their cybersecurity strategies directly singled out three Chinese tech companies linked to the Ministry of State Security and the People’s Liberation Army.
That move reflects a transition: cyberespionage has ceased to be a bilateral issue and has become a global concern.
The Salt Typhoon campaign targeted critical infrastructure, from telecommunications to transportation and accommodation. It was not about stealing industrial secrets, but about mapping how the political and economic elites of the planet communicate.
The threat, according to Brett Leatherman, deputy assistant director of the FBI, is “ongoing.” It is not an isolated strike, but a mechanism installed at the heart of the networks, designed to monitor and, when the time comes, destabilise.
An attack that reveals the fragility of digital life
The question behind this episode is uncomfortable: what does it mean that a foreign state group can intercept calls from senior officials, manipulate central routers, and monitor movements globally without firing a single missile?
Invisible warfare is unfolding without immediate headlines, but with long-term implications that could surpass traditional armed conflicts.
Salt Typhoon exposed the paradox of contemporary technological security.
The attackers did not rely on sophisticated zero-days, unknown vulnerabilities that require a high degree of engineering to exploit, but on flaws already documented and publicly accessible.
That means the problem lies not only in the genius of the attackers, but in the structural negligence of the defenders: outdated systems, routers with outdated firmware, and protocols that remained open for years.
The operation did not seek to destroy, but to persist.
Modifying the firmware of core routers allowed hackers to hide in the heart of the network, where neither reboots nor conventional cleanups can drive them out. There, they intercepted call logs, messages, and sensitive data.
Espionage ceased to be the romantic image of the undercover agent and became an industrial process of mass information extraction.
This dynamic poses an ethical and political dilemma.
While Western governments denounce Chinese espionage, they also deploy their own capabilities in the same field.
The discourse of privacy protection is contradicted by mass surveillance practices that Edward Snowden denounced more than a decade ago.
The real battleground, then, is citizen confidence in the promise of digital security that states and corporations cannot guarantee.
Espionage on a global scale: examples of intrusion
The extent of the operation is measured in its specific cases.
In the United States, Salt Typhoon compromised carriers such as AT&T and Verizon, allowing calls from officials in Washington to be monitored.
According to intelligence sources, the communications of several congressmen and diplomats went through altered routers.
It was not a matter of spying on isolated individuals, but of establishing a map of power relations.
In Europe, leaked reports indicated that transport networks in Germany and France suffered intrusions that allowed the attackers to learn the mobility patterns of senior officials.
In Asia, several international airports detected anomalies in their communication systems, associated with this same group.
Even global lodging chains reported intrusions that could have allowed the location of leaders to be tracked on official visits.
The coalition of 13 countries stressed that more than 80 nations had their networks compromised.
This includes small island States, which do not represent direct military value, but do offer strategic transit routes for submarine telecommunications cables.
Salt Typhoon showed that in digital warfare there are no peripheral territories: every node is relevant in the cartography of information.
Espionage was not limited to governments.
Critical infrastructure companies, such as electricity operators and internet providers, were also targeted.
The logic is clear: knowing how the arteries of a society function and communicate offers a decisive advantage in a scenario of future confrontation.
In conclusion
The Salt Typhoon episode reveals an uncomfortable truth: we live in a hyper-connected world whose infrastructure rests on invisible cracks. The international coalition denounced Chinese espionage, but the threat did not stop with statements.
The digital war is being waged quietly, between software updates and forgotten routers, and calls into question the very idea of sovereignty in the information age. The challenge, for states and citizens, is to understand that the next great battle may have already begun without anyone hearing a gunshot.
References
- Zuboff, Shoshana. The Age of Surveillance Capitalism. Barcelona: Paidós, 2019.
- Castells, Manuel. The Information Age: Economy, Society and Culture. Volume I. Madrid: Alianza Editorial, 1996.
- Statements by Brett Leatherman, Deputy Assistant Director of the FBI, collected in the International Cybersecurity Advisory (2025).