Do Son 
On the eve of the 2024 U.S. presidential election, the Chinese espionage group known as Salt Typhoon infiltrated the infrastructure of several American telecommunications companies. It has only now come to light that one of the affected organizations was Viasat—a California-based provider of satellite internet and secure communications channels, serving not only government agencies but also the military, aviation, and oil and gas sectors.
Although the intrusion is believed to have occurred last year, details of the breach have only recently surfaced. According to sources cited by Bloomberg, Viasat discovered the unauthorized access in 2025 and has since been working closely with authorities. In a public statement, the company confirmed the incident, clarifying that it stemmed from the compromise of a single device. Viasat asserted that no customer data had been leaked and that the breach had been fully remediated.
Salt Typhoon—a group linked to the Chinese government and also known by the aliases GhostEmperor and FamousSparrow—has conducted sweeping cyberespionage operations since 2020. Their sophisticated techniques allow them to maintain a stealthy presence within victims’ systems for extended periods. A hallmark of the group’s activity is the use of anti-forensic and anti-analysis methods to erase traces of their operations.
U.S. intelligence agencies believe that in one operation, Salt Typhoon gained full access to the telecommunications infrastructure of at least nine providers, including Verizon, AT&T, T-Mobile, and Lumen Technologies. With access to Verizon, the attackers reportedly attempted to monitor communications involving then-presidential candidate Donald Trump, his running mate J.D. Vance, and members of Kamala Harris’s campaign team.
Previously published reports indicate that the level of access obtained by the threat actors enabled them not only to track the real-time locations of millions of users but also to record their phone conversations live. In December 2024, U.S. authorities announced that the number of compromised telecom companies had increased to nine, though they declined to name the most recent addition.
Salt Typhoon is also suspected of breaching the U.S. Department of the Treasury in February 2025, during which they reportedly accessed laptops belonging to several high-ranking officials.
Notably, Viasat had already fallen victim to a cyberattack in March 2022. However, the company asserts that the current intrusion bears no connection to that earlier incident.
According to FBI assessments, despite remedial efforts, Salt Typhoon may still maintain a presence within the networks of some affected firms. The agency regards the group’s actions as part of a broader, long-term strategy by Beijing to penetrate critical U.S. infrastructure. China has officially denied any involvement, dismissing the accusations as “disinformation.”
Donate