The FBI just revealed the staggering scope of China's Salt Typhoon hacking campaign: at least 200 American companies have been compromised, with intrusions spanning 80 countries, in what's now confirmed as one of the most extensive state-sponsored cyber operations in history. The campaign remains active and ongoing, according to FBI cyber chief Brett Leatherman.
The numbers are staggering, and they're only getting worse. What started as a suspected breach of a handful of US telecom providers has exploded into a global espionage operation affecting at least 200 American companies and spreading across 80 countries worldwide, according to FBI assistant director Brett Leatherman's latest briefing to The Washington Post.
The revelation marks the first time US officials have quantified the true scope of the Salt Typhoon campaign, and the scale is breathtaking. Previously confirmed victims include telecommunications giants AT&T, Verizon, and Lumen, along with Charter Communications and Windstream. But Leatherman's disclosure suggests hundreds more companies have been silently compromised.
[Embedded image: Global map showing the 80 countries affected by Salt Typhoon intrusions]
The hackers didn't just break in for bragging rights. According to the FBI's analysis, Salt Typhoon operatives systematically targeted call records and metadata belonging to senior American politicians and government officials. This intelligence goldmine allowed Chinese operatives to reverse-engineer US surveillance operations, mapping out who American intelligence agencies were monitoring and through what legal channels.
"The threat was so severe that we had to take the unprecedented step of recommending Americans switch to encrypted messaging apps," a senior FBI official told reporters during a background briefing. The agency's December advisory marked the first time the Bureau actively encouraged citizens to adopt encryption tools to protect against foreign surveillance.
The technical details reveal sophisticated tradecraft. Salt Typhoon operators primarily compromise company routers and network infrastructure, allowing them to siphon sensitive traffic without detection for months. The FBI's new technical advisory, published Wednesday, offers the first comprehensive guidance for identifying these intrusions and was developed in collaboration with nearly two dozen international intelligence agencies.