Comcast: US agencies assessed Chinese telecom hackers likely hit data center and residential internet providers

Chinese Hacking Group Salt Typhoon Linked to Breaches at Comcast and Digital Realty

U.S. security agencies have identified Comcast and Digital Realty as likely targets of Salt Typhoon, a Chinese state-backed hacking group previously tied to a multi-year espionage campaign against global telecom operators. The National Security Agency (NSA) assessed Comcast as a probable victim, while the Cybersecurity and Infrastructure Security Agency (CISA) flagged Digital Realty as potentially compromised, according to three anonymous sources familiar with the matter.

Salt Typhoon, part of a broader network of China-linked cyber actors, was first exposed last year for infiltrating major telecom carriers. The group’s access to data center infrastructure, such as Digital Realty’s global network, could grant unprecedented surveillance capabilities, allowing hackers to monitor internal traffic between cloud providers, governments, and enterprises that typically bypass public internet protections.

Uncertainty and Legal Barriers
U.S. agencies hold inconsistent lists of confirmed or suspected victims, complicating investigations. Some telecom providers have reportedly avoided internal probes into Salt Typhoon’s presence, citing legal strategies to limit disclosure. CISA has attempted to notify affected companies since December, though the effectiveness of these communications remains unclear.

Comcast denied evidence of a breach, stating it had found no signs of Salt Typhoon in its enterprise network. Digital Realty did not respond to requests for comment, while CISA, the NSA, and the FBI declined to provide details.

National Security Risks
An intrusion into either company could have severe implications. Comcast serves 51 million broadband customers and 8.1 million wireless users, while Digital Realty operates 300+ data centers across 25 countries, hosting infrastructure for major clients like AWS, Google Cloud, Microsoft, and IBM. Experts warn that Salt Typhoon’s foothold in data centers could enable deeper surveillance of private communications, including traffic between cloud and on-premises systems.

The group’s tactics rely on exploiting known vulnerabilities, some dating back to 2018, and on credential theft, highlighting persistent gaps in patch management for critical infrastructure. Despite public assurances from companies, officials and cybersecurity experts believe Salt Typhoon remains embedded in telecom networks. Sen. Josh Hawley (R-Mo.) recently stated in a hearing that the hackers retain "unlimited access" to U.S. communications, including voice messages and calls.

Political and Investigative Fallout
The breaches have drawn sharp criticism from lawmakers. The House China Select Committee called the reported intrusions a "serious and deeply concerning" example of China’s efforts to undermine U.S. digital infrastructure. Rep. Mark Green (R-Tenn.), chair of the House Homeland Security Committee, has pressed the Department of Homeland Security (DHS) for documents on Salt Typhoon and another Chinese hacking unit, Volt Typhoon, citing concerns over CISA’s limited visibility into the attacks.

The Cyber Safety Review Board, a DHS body disbanded under the Trump administration, had been investigating the telecom hacks before its dissolution. Lawmakers have since urged its reinstatement, while CISA faces proposed budget cuts that could further hinder its response capabilities.

Salt Typhoon’s campaign also targeted lawful intercept systems, which telecom providers use to comply with government surveillance requests. Reports indicate the group accessed communications metadata linked to former President Donald Trump, Vice President JD Vance, and other U.S. officials, underscoring the operation’s national security stakes.

Source: https://www.nextgov.com/cybersecurity/2025/06/us-agencies-assessed-chinese-telecom-hackers-likely-hit-data-center-and-residential-internet-providers/405920/

Comcast cybersecurity rating report: https://www.rankiteo.com/company/comcast

"id": "COM1772598459",
"linkid": "comcast",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"