Valtik Studios
Telecom | critical | 2026-04-15 | 13 min

China Hacked America's Wiretap System. And They're Probably Still Inside

Chinese state-sponsored Salt Typhoon compromised US telecom carriers including AT&T, Verizon, and T-Mobile — the lawful intercept systems used for surveillance got owned. CISA called it the largest telecom hack in US history. A threat intelligence and nation-state cyber attack investigation.

The backdoor was the front door

In 2024-2025, Chinese state hackers known as Salt Typhoon compromised at least 9 major U.S. telecom companies including Verizon, AT&T, and T-Mobile. By August 2025, the attack had expanded to over 200 companies across 80 countries.

The entry point? CALEA. The Communications Assistance for Law Enforcement Act. This 1994 law requires every telecom carrier to build wiretapping capability into their infrastructure so law enforcement can intercept calls with a court order. Salt Typhoon exploited these exact systems.

What they accessed

The hackers gained the ability to:

  • Track millions of Americans' locations in real time through cell tower data
  • Record phone calls by accessing the lawful intercept infrastructure
  • Read text messages including those of Trump and Harris campaign staff during the 2024 election
  • Access call metadata showing who contacted whom, when, and for how long

They got in using stolen employee credentials and a 7-year-old unpatched Cisco vulnerability. Once inside, they moved laterally through the wiretap infrastructure that carriers were legally required to maintain.

The irony

The U.S. government mandated that telecom companies build surveillance backdoors. A foreign government walked through them. This is the exact scenario that cryptographers and privacy advocates have warned about for decades: any backdoor built for the "good guys" will eventually be found by the bad guys.

Still inside

As of late 2025, the Senate Commerce Committee reported that telecom companies still haven't proven the intruders are fully evicted. The FBI recommended Americans switch to encrypted messaging apps like Signal for sensitive communications, an extraordinary admission from the agency that has spent years lobbying against encryption.

What this means for you

  • Your phone calls and texts through traditional carriers may have been intercepted
  • Encrypted messaging (Signal, iMessage, WhatsApp) was not compromised, only traditional phone/SMS
  • Location data from cell towers was accessible, regardless of phone settings
  • This isn't theoretical; it happened to millions of Americans including presidential campaign staff