Salt Typhoon is the Microsoft threat-actor designation for a state-aligned hacking group attributed by US officials to the People's Republic of China. The group is part of Microsoft's "Typhoon" naming convention, which it uses for China-nexus actors (alongside Volt Typhoon, Flax Typhoon, and others). Salt Typhoon is also tracked by other vendors under names such as GhostEmperor and FamousSparrow.
The group drew global attention in late 2024 when US authorities confirmed that Salt Typhoon had compromised multiple major American telecommunications providers, including reporting tied to AT&T, Verizon, T-Mobile, and Lumen. According to a joint statement by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in late 2024, the intruders accessed call records, private communications of a limited number of individuals primarily involved in government or political activity, and information subject to US law-enforcement requests — raising concerns that systems used to service court-ordered wiretaps (so-called CALEA lawful-intercept interfaces) had themselves been penetrated.
US press reporting indicated that phones associated with the 2024 presidential campaigns, including those of Donald Trump, JD Vance, and figures connected to the Kamala Harris campaign, were among the targets. Senator Mark Warner, chair of the Senate Intelligence Committee, publicly described the breach as one of the worst telecom hacks in US history.
Beijing has denied involvement. The incident accelerated policy debate over:
- End-to-end encryption for consumer communications (CISA notably urged Americans to use encrypted messaging in December 2024).
- The security of lawful-intercept backdoors mandated by law.
- Export controls and supply-chain scrutiny of Chinese-made network equipment.
For MUN and IR researchers, Salt Typhoon is a touchstone case for debates in the UN Open-Ended Working Group on ICTs, bilateral US–China cyber diplomacy, and domestic critical-infrastructure regulation.
Example
In December 2024, CISA and the FBI publicly confirmed that Salt Typhoon had infiltrated at least eight US telecommunications companies, prompting Senator Mark Warner to call it the worst telecom breach in US history.
Frequently asked questions
Microsoft uses the 'Typhoon' suffix for China-nexus actors, and US agencies including the FBI and CISA publicly linked the intrusions to the People's Republic of China in 2024. Beijing denies the allegations.
Keep learning