Chinese state-sponsored hacking group Salt Typhoon also hacked Charter Communications and Windstream Holdings. The revelation, which was made in an exclusive Wall Street Journal report, marks a significant escalation in a campaign targeting America’s critical communications infrastructure, now encompassing nine major telecom providers.
The breach, linked to Chinese intelligence operatives, exploited unpatched vulnerabilities and weak security practices across various networks. It enabled the hackers to access sensitive data, including lawful wiretap systems used for government surveillance, exposing a trove of information about over a million users, including senior U.S. officials. These intrusions are part of broader efforts by Beijing to gather intelligence and potentially disrupt U.S. operations during a geopolitical crisis, such as a conflict over Taiwan.
The inclusion of Charter Communications and Windstream in Salt Typhoon’s victim list highlights the far-reaching scope of this cyber operation. The hacking group exploited legacy vulnerabilities in network devices, including unpatched routers from major vendors like Cisco, to burrow into telecom networks. Once inside, the attackers:
- Monitored network traffic and wiretap systems.
- Exfiltrated metadata, including phone numbers, timestamps, and call logs.
- Observed and manipulated network configurations to evade detection.
U.S. officials have previously expressed concerns over the hackers’ ability to maintain prolonged access to compromised systems, with some breaches lasting up to 18 months undetected.
Impact on Americans and national security
Salt Typhoon’s operation mirrors other recent Chinese campaigns, such as Volt Typhoon, which targeted U.S. critical infrastructure, including ports, water treatment facilities, and energy grids. Both groups have shifted focus from traditional data theft to long-term system access aimed at crippling U.S. infrastructure in the event of a geopolitical confrontation.
Charter Communications, one of the largest broadband providers in the U.S., serves over 32 million customers, while Windstream focuses on rural broadband services, reaching 8 million Americans. The targeting of these entities suggests a deliberate strategy to infiltrate diverse telecom operators and extend Beijing’s cyber-espionage capabilities.
The breaches expose vulnerabilities in the U.S. telecom sector, which remains largely self-regulated without mandatory baseline cybersecurity requirements. National Security Adviser Jake Sullivan has called for stricter controls following these revelations, citing the grave implications of compromised communication systems.
Beyond technical damage, the hack allows Chinese intelligence to map the communications patterns of key U.S. personnel, potentially aiding future cyber or physical operations. Analysts believe the attacks could slow U.S. responses in a crisis, particularly one involving Taiwan, giving Beijing a strategic edge.