U.S. cybersecurity officials now say that China’s notorious hacking group known as Salt Typhoon didn’t only infiltrate major telecom carriers. Investigators believe it also compromised U.S. data centers and residential internet providers, signaling a deeper and more alarming level of intrusion into America’s digital backbone.
Last week, sources familiar with the investigation told Nextgov that CISA flagged data center giant Digital Realty and the mass-media and internet provider Comcast as likely victims. The National Security Agency similarly flagged Comcast, expanding the known scope of the cyber campaign well beyond just telecommunications networks.
This news is a major escalation from initial findings, which confirmed infiltration in at least nine telecom firms—Verizon, AT&T, T‑Mobile, Lumen and others—and access to law-enforcement wiretap systems and call metadata.
Salt Typhoon, a Chinese state-sponsored group tied to the Ministry of State Security, has reportedly embedded sophisticated tools—rootkits, malware, and exploit kits—into core network components. These intrusions granted the group persistent access to communication metadata, wiretap platforms and now, more worryingly, the cloud-connected infrastructure of third-party data centers and residential gateways.
The compromise of Digital Realty, for instance, could expose sensitive enterprise and government client data. Comcast’s intrusion, meanwhile, threatens visibility into millions of home and business communications.
Why this matters? Data centers host critical services for cloud platforms, corporate networks, and government systems. A breach here allows attackers to jump between systems, escalate privileges, or harvest credentials across multiple sectors.
As one intelligence source put it, Salt Typhoon’s new targets mean “a far deeper foothold into the infrastructure supporting global information services.”
In response, CISA and NSA are working behind the scenes with affected providers, though Nextgov reports that their efforts have been slowed by jurisdictional hurdles and budget constraints within CISA. Congress is also stepping in with a letter from the House Homeland Security Committee with detailed documents on the breaches and urged reinstatement of the Cyber Safety Review Board which was disbanded in early 2025.
Senators such as Ron Wyden and Ben Ray Luján have characterized the campaign as the “worst telecom hack in our nation’s history,” pushing for immediate policy reforms including annual cybersecurity audits by the FCC, stronger network segmentation, and zero-trust architecture mandates. The FCC is reportedly reviewing a proposal to require communications providers to annually certify their defenses against cyber intrusions.
Meanwhile, public awareness is growing. A senior U.S. official revealed in December that a “large number” of Americans’ call metadata—including timestamps, locations, and call records—had been stolen by Salt Typhoon, though not the call contents themselves. The White House, FBI, NSA, NSC, and CISA have held classified briefings for senators and are actively seeking tips from the public to identify and disrupt the hacking crews.
This latest news—highlighting possible compromises in data centers and residential ISPs—marks a pivotal turn. No longer limited to telecom, Salt Typhoon’s reach now threatens the broader digital ecosystem that underpins modern life. Public and private sectors are facing mounting pressure to transform cybersecurity from optional investment to essential national defense.
Amid this intensifying landscape, one fact is undeniable: the intrusion is far from over, and solutions will depend on federal coordination, legislative will, and aggressive defense by the companies that maintain critical infrastructure.