05 September 2025

China Accused Of Massive Global Cyberattack In 2025

Salt Typhoon breach prompts new warnings about Chinese data collection and the risks facing global infrastructure and privacy.

In a revelation that has sent shockwaves through the global cybersecurity community, Western governments and security experts have accused China of orchestrating one of the most sweeping and ambitious cyberattacks in recent history. The operation, attributed to a state-sponsored group known as Salt Typhoon, targeted more than 80 countries over the course of a year, penetrating major telecommunications networks and critical infrastructure sectors. According to a joint statement released on September 4, 2025, by investigators from the United States, United Kingdom, Canada, Finland, Germany, Italy, Japan, and Spain, the scale and scope of the attack are unprecedented, raising urgent questions about the future of digital security and global power dynamics.

The Salt Typhoon campaign, described by British and American officials as "unrestrained" and "indiscriminate," marks a significant escalation in China's cyber capabilities. Investigators found that the hackers infiltrated not only telecommunications companies but also government, transportation, lodging, and military infrastructure networks. The breadth of the attack has led officials to believe that nearly every American's data may have been compromised, a claim underscored by Cynthia Kaiser, a former top official in the FBI’s cyber division who oversaw investigations into the hacking. "I can’t imagine any American was spared given the breadth of the campaign," Kaiser told The New York Times.

While China has long been accused of targeting American power grids, companies, and research institutions for intellectual property and sensitive information, the Salt Typhoon operation goes further. "In many ways, Salt Typhoon marks a new chapter," said Jennifer Ewbank, former CIA deputy director for digital innovation. She explained that, whereas previous attacks focused on stealing trade secrets or targeting individuals working on sensitive government issues, this campaign was far broader, sweeping up vast amounts of data with little discrimination.

The implications of such a massive data theft are profound. Security officials warn that the information stolen could allow Chinese intelligence services to exploit global communication networks, tracking politicians, spies, activists, and potentially ordinary citizens. The joint statement from Western allies, which The New York Times described as a "name-and-shame effort," was the fullest public accounting yet of what the FBI has called China’s "cyberespionage campaign." The statement emphasized that hackers sponsored by the Chinese government "are targeting networks globally, including telecommunications, government, transportation, lodging, and military infrastructure networks."

The Chinese Embassy in London did not respond to requests for comment. However, the People’s Republic of China has previously rejected such accusations as "groundless," even as condemnation has poured in from the US, EU, and NATO. Earlier this year, the Czech government accused China of targeting its critical infrastructure through a threat actor known as APT 31, with attacks allegedly beginning in 2022. These allegations formed part of a broader warning issued on September 4, 2025, by the Czech National Cyber and Information Security Agency (NÚKIB), which cautioned against the use of products and software that send system and user data back to China.

According to Dark Reading, the Czech advisory highlighted the "transfer of system and user data to the People's Republic of China, to the territories of People's Republic of China's Special Administrative Regions or to entities based in the territories of the People's Republic of China or its Special Administrative Regions," as well as the "remote administration of technical assets" from these parties. The concern is that such data could be misused by state, military, or political interests. The Czech agency explicitly warned that the legal framework in China, including the National Security Law and the National Intelligence Law, gives authorities sweeping powers to access data held by private companies, effectively erasing any meaningful boundary between private enterprise and state cyber operations.

Adam Meyers, head of counter adversary operations at CrowdStrike, underscored the scale of the threat. He told Dark Reading, "CrowdStrike's Global Threat Report identified a 150% year-over-year increase in Chinese intrusion activity, and the latest Threat Hunting Report shows a 40% jump in Chinese operations targeting the cloud." Meyers added, "Combine that with China’s National Security Law — which forces companies to share data with the state — and the risk is clear: products and services sending information back to Beijing are fueling intelligence operations that extend well beyond borders. This is part of China's long-term strategy to become a global hegemon, and it turns everyday technology into a battlefield for espionage and control."

The dangers are not limited to direct users of Chinese products. As Andy Bennett, CISO at Apollo Information Systems, explained to Dark Reading, "There are almost countless examples of Chinese firms facilitating the theft and abuse of data and systems around the world. It is a big problem. Even more so because even if you don't have these systems or software in your own environment, one of your connected third parties and/or customers might, and that could put your data and systems at risk through no direct fault of your own." This interconnectedness means that the risk of exposure is not confined to those directly using Chinese technology, but extends to entire supply chains and partner networks.

Heath Renfrow, chief information security officer at Fenix24, echoed these concerns, stating, "There’s no meaningful separation between a private Chinese entity and Beijing's cyber operations. This is why countries like the US, UK, and now the Czech Republic are warning about these dependencies. The stakes are no longer just privacy; it’s about national resilience and the ability to recover when adversaries use digital tools to disrupt the physical world."

Experts say that China's approach to data collection is akin to a dragnet, gathering as much information as possible to analyze patterns and identify targets. Gregory Falco, assistant professor of engineering at Cornell University, noted, "Their data collection methods vary considerably, and this is why warnings like this should be considered." He pointed to research showing that even Chinese-made drones flying near defense establishments have routed data through Chinese servers, bypassing local controls.

The Salt Typhoon campaign and related warnings from global agencies have reignited debates about the security of everyday technology and the responsibilities of private companies operating in or with China. The persistent suspicion that platforms like TikTok allow the Chinese government access to user data (a claim TikTok denies) exemplifies the broader unease over the reach of Beijing’s surveillance apparatus. The Czech NÚKIB has advised individuals who could be potential targets of foreign interference to restrict or prohibit the use of products and services that transfer data to China, and has urged all citizens to be vigilant about the technology they use.

As the world grapples with the fallout from the Salt Typhoon attack, one thing is clear: the digital battlefield is expanding, and the lines between state and private actors are increasingly blurred. With cyber operations now a central tool in the contest for global influence, the challenge of safeguarding data and infrastructure has never been more urgent or complex.