
An American telecommunications company fell victim to a covert cyberattack orchestrated by Chinese hackers in the summer of 2023—one year prior to U.S. authorities publicly acknowledging the widespread infiltration of the nation’s major telecom networks. Malware linked to Beijing-backed groups remained embedded within the company’s infrastructure for seven months, according to a document submitted to Western intelligence agencies and sources cited by Bloomberg.
The company’s identity remains undisclosed, but the report describes it as a provider serving the defense, logistics, and travel industries. The malicious software was discovered on systems used by IT administrators, and according to insider accounts, the infection persisted until the end of winter 2024.
The breach came to light in the autumn of 2024, when U.S. intelligence agencies, responding to a wave of attacks attributed to Salt Typhoon, shared the signature of the Chinese rootkit Demodex with telecom operators. Cybersecurity experts launched inspections and stumbled upon traces of an earlier, previously undetected intrusion.
Demodex is described as an advanced piece of malware that enables attackers to covertly command a compromised system. The report states that it temporarily disables Microsoft Defender before concealing its activity and presence. This malware has previously been deployed in attacks against telecommunications firms and government entities in Thailand, Afghanistan, and Indonesia, and has been linked to China’s Ministry of State Security.
It remains unclear whether the 2023 breach formed part of the same espionage campaign later identified as Salt Typhoon. However, the timeline raises serious questions about earlier assessments regarding the onset of Chinese infiltration into U.S. critical infrastructure.
“We’ve long suspected that the U.S. telecom network was vulnerable,” said cybersecurity expert Mark Rogers. “Now we have confirmation that it was indeed compromised—and as early as 2023.”
According to U.S. officials, the Salt Typhoon operation saw hackers gain access to the networks of AT&T, Verizon, and seven other telecommunications providers. The attackers reportedly harvested the personal data of millions of American citizens and attempted to breach the devices of Donald Trump, J.D. Vance, and Kamala Harris.
Spokespersons for the CIA, NSA, FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) declined to comment. A representative of the Chinese Embassy in Washington responded by accusing the United States of conducting cyberattacks against China and dismissing allegations of a “Chinese threat” as disinformation.