Former FBI Cyber Official: Chinese 'Salt Typhoon' Campaign Likely Affected Every American

A former senior FBI cyber official says a broad Chinese state-linked cyber campaign known as the Salt Typhoon operation likely affected a large portion of the U.S. population and touched many aspects of everyday life.

In September, a joint advisory from international law enforcement and intelligence agencies, including the FBI and the National Security Agency, warned that actors tied to the Chinese state were "targeting" multiple sectors across the United States. The advisory said intrusions impacted telecommunications providers, government networks, transportation systems, lodging companies and some military infrastructure.

The campaign was not limited to the United States; investigators reported Salt Typhoon reached multiple countries. Authorities attribute the operation to three Chinese companies that, according to the advisory, are believed to work on behalf of China's intelligence apparatus, including units connected to the People’s Liberation Army and the Ministry of State Security.

By collecting the data obtained in these intrusions, China's intelligence services could "identify and track their targets' communications and movements around the world," the advisory warned.

Cynthia Kaiser, a former senior official in the FBI's cyber division, said she found it hard to imagine any American who had not been touched by the breach: "I can’t imagine any American was spared given the breadth of the campaign."

Officials have reported that senior U.S. government figures and prominent political actors had their communications accessed during the campaign.

Pete Nicoletti, chief information security officer at Check Point, said the Salt Typhoon operators obtained sweeping access to telephone communications. "They had full rein access," he said, adding that casual private calls could have been intercepted alongside deliberate targeting of public officials.

"Your grandmother calling you to remind you to pick up groceries was not a targeted person and they're going to listen into that call," Nicoletti said. "But Trump, Vance, Kamala Harris and dozens of other U.S. government officials were specifically targeted."

Nicoletti added that the attackers "established a foothold and exfiltrated data for five years," a persistence he described as "almost unprecedented." His primary concern is that the group may still be present in some organizations and remain undetected.

When discussing the campaign in December 2024, then-deputy national security adviser Anne Neuberger said the attackers sought to identify device owners and, for certain government targets, to eavesdrop on calls and read text messages.

Investigators and cybersecurity experts stress that detection and remediation are ongoing. Agencies continue to notify affected organizations and advise enhanced monitoring, stronger access controls and comprehensive forensic reviews to find and remove any remaining intrusions.