Unlock the free White House Watch newsletter
Your guide to what Trump’s second term means for Washington, business and the world
China has hacked emails used by congressional staffers on powerful committees in the US House of Representatives as part of a massive cyber espionage campaign called Salt Typhoon.
According to people familiar with the attack, Chinese intelligence accessed email systems used by some staffers on the House China Committee, in addition to aides on the Foreign Affairs Committee, the Intelligence Committee and the Armed Services Committee. The infiltration was detected in December.
The attacks are the latest element of an ongoing cyber campaign against US communications networks by China’s intelligence service, the Ministry of State Security. A person familiar with the attack said it was unclear whether MSS accessed the MPs’ emails.
MSS has been operating Salt Typhoon for many years. This allows China to access the unencrypted phone calls, texts and voicemails of nearly every American, and in some cases enables access to email accounts.
Salt Typhoon has also intercepted calls from senior US officials over the years, people familiar with the operation said.
Mark Warner, the top Democrat on the Senate Intelligence Committee, said in December that it was “surprising” that Typhoon Salt was not getting more attention. “As long as you’re not on an encrypted device, they can pick out any one of us,” Warner told the Defense Writers Group.
Former President Joe Biden’s national security adviser Jake Sullivan told the Financial Times after leaving the White House last year that US telecommunications companies were “highly vulnerable” to Typhoon Salt.
The campaign is one of several cyber espionage efforts by Chinese intelligence and the People’s Liberation Army that target US infrastructure.
In 2024, the FBI and other US agencies said that a Chinese state-sponsored hacking group dubbed Volt Typhoon had penetrated US energy, transportation and communications systems in a way that would help China in the event of conflict with the US.
Due to the enormous cost of building network resilience, American telecommunications groups have done little to protect themselves from Typhoon Salt. In December Warner said US networks were particularly vulnerable because they were built when cybersecurity was not a serious concern.
The US Treasury had planned to impose sanctions on MSS entities in December over Typhoon Salt, but reversed course after concerns it would derail the October peace deal between President Donald Trump and Xi Jinping.
The four committees targeted by MSS declined to comment.
The Chinese Embassy in America has denied the allegations of Salt Typhoon. Embassy spokesman Liu Pengyu said, “We firmly oppose the US side making groundless speculations and accusations, using cybersecurity to defame and discredit China, and spreading all kinds of misinformation about so-called Chinese hacking threats.”
