Cyber Warfare Escalation: Unveiling the New Era of U.S.-China Digital Conflict

China’s "Salt Typhoon" hackers have breached U.S. telecoms, raising cyber tensions. Experts warn of the threat to international stability, emphasizing the need for collaborative strategies to prevent escalation amid ongoing economic competition.

At a Glance

Incoming Trump Administration Faces Immediate Cybersecurity Challenges After PRC Hacks

As Trump prepares to take office, U.S.-China relations face mounting tension, intensified by the recent "Salt Typhoon" hack targeting U.S. telecom networks. The breach signals rising cyber threats and AI rivalry, prompting urgent calls for strategic dialogue to avoid conflict and stabilise ties.

With President-elect Donald Trump poised to take office, the United States is set to enter an even more contested future with China amid escalating threats in cyber warfare and the technological AI race. As the "dust hasn't even settled yet" on the recent U.S. election results, the incoming Trump administration faces immediate cybersecurity challenges following significant breaches by China's state-sponsored hacking group "Salt Typhoon."

These hackers infiltrated major U.S. telecommunications companies, accessing sensitive cellular logs and user data. The incidents intensify cyber tensions between the U.S. and China, highlighting urgent concerns over federal response measures and critical infrastructure protection amidst intensifying economic and political competition.

Investigators are highly concerned that Salt Typhoon may have stolen the cell phone records of millions of Americans as they work to remove the hackers from some of the nation's leading phone companies.

Salt Typhoon Breaches Intensify Tensions and Highlight Critical Infrastructure Vulnerabilities

The cyber battlefield between the United States and China has escalated dramatically with the recent infiltration of major U.S. telecommunications companies by Chinese state-sponsored hacking groups, notably "Salt Typhoon." This series of breaches has not only heightened cyber tensions between the two nations but also exposed significant vulnerabilities in critical infrastructure, prompting urgent calls for enhanced cybersecurity measures and international cooperation.

Detailed Profiles of Chinese Cyber Threat Actors

Currently, three primary "Typhoon" threat actor groups have been publicly identified, each employing sophisticated tactics and targeting critical sectors:

  1. Volt Typhoon: Known for utilizing "living off the land" techniques, Volt Typhoon leverages built-in network tools to achieve objectives without deploying detectable malware. Their operations focus on U.S. critical infrastructure with the intent to disrupt rather than conduct espionage. By blending into normal network activities, they make detection and attribution exceedingly difficult.
  2. Flax Typhoon: Linked to PRC information security firms operating under government direction, Flax Typhoon targets critical infrastructure in Taiwan and the United States. They also employ "living off the land" methods and have compromised numerous Internet of Things (IoT) devices to form botnets. In September 2024, the U.S. government dismantled one such botnet, highlighting the pervasive threat they pose.
  3. Salt Typhoon: Allegedly responsible for breaching U.S. telecommunications firms in October 2024, Salt Typhoon focuses on counterintelligence by gathering data on PRC targets under U.S. surveillance. They gained unprecedented access to sensitive cellular logs, including Call Detail Records (CDRs) containing detailed information about phone calls, messages, and user locations. The U.S. government has yet to officially confirm these attacks or the group's existence, adding layers of complexity to the attribution process.

Marie O'Leary, a cybersecurity analyst at the International Institute for Strategic Studies, remarked,

"The scale and audacity of the Salt Typhoon hacks suggest a new level of cyber espionage that could destabilize international relations. This isn't just an attack on the United States; it's a wake-up call for the international community about the vulnerabilities inherent in our interconnected digital infrastructure."

Government Response and Congressional Oversight

The U.S. Congressional Research Service has highlighted these breaches, raising critical questions about the adequacy of the federal response and the measures needed to protect critical infrastructure. Members of Congress from both the House and Senate have expressed deep concerns, calling on U.S. companies and federal agencies to provide detailed information about the incidents.

"Congress might also consider oversight of the executive branch’s response, particularly the immediate response and discovery of the incident," noted a recent report by cybersecurity expert Jaikaran.

"The incident raises concerns about the privacy of Americans’ communications, the security of critical infrastructure, and cybersecurity deterrence policy."

Jaikaran also emphasised the need for policymakers to focus on the roles of the Cyber Unified Coordination Group (UCG), the Cyber Safety Review Board (CSRB), Sector Risk Management Agencies (SRMAs), and preparedness activities. The Cyber UCG has been utilised in previous significant cyber events, such as the Microsoft Exchange services compromise in 2021 and the SolarWinds incident, to coordinate a whole-of-government response integrated with private sector efforts.

International Criticism and Competitive Tensions

Global leaders and cybersecurity experts have expressed grave concerns over the implications of these breaches. Dr. Alan Chen, a professor of international relations at Georgetown University, stated,

"Cybersecurity has become a pivotal issue in international politics, and incidents like these can influence public opinion and policy decisions. The perception of foreign interference, especially from a major competitor like China, adds a layer of complexity to the geopolitical landscape."

The breaches have reignited debates over the trade relationship between the U.S. and China. Economic analysts warn that continued cyber hostilities could spill over into the economic sphere, potentially leading to new trade barriers or tariffs. Lisa Martinez, an economist at the Brookings Institution, commented,

"Cyber espionage activities exacerbate distrust and could prompt retaliatory measures that impact global markets. Businesses are wary of the uncertainty this creates, especially in sectors heavily reliant on international supply chains."

Earlier this year, the U.S. Justice Department charged seven Chinese nationals with "conspiracy to commit computer intrusions and conspiracy to commit wire fraud." This announcement came on the heels of warnings from Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and National Cyber Director Harry Coker about the strategic shift of Chinese hackers targeting critical infrastructure.

[Image: CISA Director Jen Easterly. Source: YouTube, Washington Post]

Analytical Perspective: Enhancing Cyber Warfare Preparedness

The escalating cyber threats have prompted calls for enhanced preparedness. Jaikaran highlighted that Congress has repeatedly directed CISA to engage in explicit preparedness activities, such as planning and conducting exercises. These activities help stakeholders think through potential incidents, establish roles and responsibilities, understand capabilities, and develop a shared sense of actions and outcomes.

"CISA developed a cyber incident response plan at the end of the Obama Administration and is required to update that plan by the end of 2024," Jaikaran noted. "With regard to the communications sector, participation in preparedness efforts appears to be primarily focused on their role as an essential service to other sectors like energy and financial services."

Despite intelligence community warnings about adversaries' intent to target and disrupt the communications sector, the U.S. government's focus on the sector's inherent risks is not as evident. Congress may consider how CISA incorporates changes in the sector, federal organizations, and threat actors into preparedness activities and how lessons learned from past incidents are applied to future responses.

Outlook: Balancing Security and Stability Amidst Political Transition

As the United States navigates a period of political transition with the incoming administration in 2025, the cyber landscape faces new challenges. The "dust hasn't even settled yet" on the recent election results, and the new government has signalled a commitment to rebuilding the nation's technological and trade foundations. This strategic focus is expected to intensify economic competition and heighten political tensions on the global stage.

Diplomatic efforts, robust cybersecurity strategies, and international cooperation are essential to mitigate the risks. Marie O'Leary emphasized,

"In this interconnected world, cyber threats are a shared challenge. Our response must be collaborative, informed, and resolute to safeguard the future."

Experts caution that unilateral actions may exacerbate existing tensions. Dr. Alan Chen reflected,

"A strong national strategy is crucial, but it must be balanced with international collaboration to prevent further escalation."

Only through collective action and effective communication can the international community navigate this contested future successfully. Establishing norms and agreements to prevent cyber conflicts from escalating into broader crises is imperative for global security and economic stability.
