
What to know about the Chinese hackers who targeted the 2024 US presidential campaigns

WASHINGTON – A sophisticated breach of US telecommunications systems has extended to presidential campaigns, raising questions about the group behind the attack and the extent of its intelligence-gathering efforts.

It was not clear what data was taken in the attack. The large-scale operation was linked to the Chinese government and attributed to a group that experts call Salt Typhoon.

Investigators believe the hackers targeted a host of well-connected Americans, including presidential candidates — reflecting the scale and potential severity of the attack.

What is Salt Typhoon?

It’s the name Microsoft cybersecurity experts have given a Chinese group suspected of using sophisticated techniques to hack into major systems — most recently, US telecommunications companies.

The name is based on Microsoft’s practice of naming hacking groups after types of weather — “typhoon” for hackers in China, “sandstorm” for Iran’s efforts and “blizzard” for operations organized by Russia. A second term, in this case “salt”, is used to denote the type of hacking.

Experts say Salt Typhoon appears to focus primarily on counterintelligence targets, unlike other hacking groups that might try to steal corporate data, money or other secrets.

What do US officials think Salt Typhoon did?

Homeland security officials have gathered evidence indicating that hackers were able to infiltrate major telecommunications companies, including but not limited to Verizon.

The New York Times reported on October 25 that the affected phones include devices used by former President Donald Trump and his running mate, Senator JD Vance of Ohio.

The effort is believed to be part of a broader intelligence-gathering effort that also targeted Democrats, including members of Vice President Kamala Harris’ campaign staff and Majority Leader Sen. Chuck Schumer of New York.

How serious is this hacking?

Homeland security officials are still struggling to understand the severity of the breach. But they would be very concerned if, as appears to be the case, hackers linked to Chinese intelligence were able to access US mobile and data networks. Such access can provide useful information to a foreign adversary such as China.

To some extent, the breach continues the kind of data collection on targets that spies have carried out for decades. In this case, however, the amount and quality of information accessed by Salt Typhoon could put the intrusion in its own category and suggest that US data networks are more vulnerable than officials have realized.

What did the hackers get?

At this stage, this is still unclear. A major concern among government officials is whether the group was able to observe any court-ordered investigative activity, such as Foreign Intelligence Surveillance Act collection — a top-secret part of America’s efforts to root out spies and terrorists.

No one has yet suggested that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be whether they could see who was in contact with candidates and elected officials, how often they spoke and for how long.

This kind of information could help any intelligence agency understand who is close to senior government decision makers.

People familiar with the investigation say it is not yet known whether the hackers were able to gain access to this type of information. Investigators are reasonably confident that the perpetrators targeted specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.

Just like the weather, hacking never ends, and the Salt Typhoon breach may not either. Also, the United States may never know exactly what the hackers got. NYTIMES