
The ‘Salt Typhoon’ of Chinese hackers

The Chinese cyber espionage operation, codenamed Salt Typhoon, which allowed Beijing to listen in on the mobile phones of high-ranking officials in Washington and London for years, was perhaps the most serious failure of Western counterintelligence.

The main shock for the intelligence community was not the fact that the mobile phones had been hacked, but the method used by the Chinese hackers. Instead of trying to hack each individual device (iPhone or Android), they struck at the ‘nervous system’ of the internet – the backbone infrastructure of telecommunications giants (Verizon, AT&T, Lumen Technologies and their British counterparts).

The hackers infiltrated the ‘legal’ data interception systems (in the US, those required under CALEA). By law, these systems are built into the operators’ networks so that the FBI, MI5 or other special services can eavesdrop on criminals with a court order. Chinese ‘specialists’ used these ‘state backdoors’ to turn surveillance tools against their very creators.

By exploiting vulnerabilities in outdated network equipment (Cisco routers and Versa Director software), hackers gained access to traffic. This allowed them to bypass the encryption of end devices.

The scale of Operation Salt Typhoon provides a comprehensive picture of the priorities and depth of interest of Chinese intelligence. We are talking about systematic infiltration of the highest political elite in the West, on both sides of the Atlantic. The choice of targets indicates Beijing’s desire to gain access to key political decision-making centres.

In the United States, hacker activity peaked at the most vulnerable moment – the 2024 presidential campaign. Chinese cyberattacks targeted both Republicans and Democrats, demonstrating a desire to secure leverage over any future administration. In the Republican camp, Donald Trump and J.D. Vance’s phones were monitored, with access gained not only to their work devices but also to the communications of their family members. On the Democratic side, senior advisers to Kamala Harris were targeted, giving hackers access to the current administration’s plans. Interest in the legislative branch was also confirmed, with Senate Majority Leader Chuck Schumer among the targets, underscoring Beijing’s attention to the processes of formation and decision-making at the congressional level.

As for the United Kingdom, according to a report in The Telegraph published in January 2026, Chinese hackers maintained access to infrastructure linked to the Prime Minister’s residence at 10 Downing Street for several years. The active phase of control took place between 2021 and 2024. The targets of the attack were the closest advisers and assistants to the prime ministers during the terms of three consecutive governments: Boris Johnson, Liz Truss and Rishi Sunak.

As of early 2026, official London is avoiding direct confirmation of the hacking of the personal smartphones of the heads of government themselves. However, security experts emphasise that in the context of modern politics, this distinction is rather formal. Compromising the prime minister’s device effectively means an indirect loss of confidentiality. By gaining access to the devices of those closest to him, the Chinese side could track the detailed schedules of top officials, familiarise themselves with drafts of important documents and foreign policy initiatives, and reconstruct the content of closed and private conversations that prime ministers had with their trusted advisers.

As a result, Operation Salt Typhoon gave China the opportunity to penetrate the inner workings of Western politics, gaining insight into the real mechanisms of power and decision-making, while remaining undetected for several years. The penetration was so deep that former US Deputy National Security Advisor Anne Neuberger described it as ‘broad and complete access,’ emphasising the scale of the loss of control over critical communications.

Such access opened up a wide range of intelligence tools to the attackers. First, they had access to communication metadata: information about who called whom, when, and for how long. Analysis of this data made it possible not only to reconstruct the entire network of contacts, but also to identify non-obvious connections. Second, the hackers could track geolocation, obtaining accurate data on the movements of high-ranking personnel in near real time. Third, infiltrating the telecommunications operators’ systems enabled them to intercept and record the conversations themselves. Finally, access to SMS messages, including one-time two-factor authentication codes, opened the way to hacking related cloud services and further expanding their control.

Taken together, this meant that the operation went far beyond classic espionage and provided China with tools for deep and multi-level control over the communications of key figures.

Operation Salt Typhoon should be seen as the culmination of Beijing’s long-standing and consistently implemented strategy aimed at achieving dominance in global cyberspace. An analysis of the activities of cyber groups associated with the PRC over the past decade shows a clear evolution of objectives: from mass data collection to establishing control over critical infrastructure and the communication channels of top government officials.

The path to infiltrating the communications of the White House and the British Prime Minister’s residence was forged through a series of major operations, each of which solved a separate strategic task. The starting point can be considered the hacking of the US Office of Personnel Management in 2015. During this attack, the personal files of 22 million civil servants were stolen, effectively providing Chinese intelligence with a detailed ‘map’ of the American government apparatus, indicating key positions, levels of access to classified information, and potential vulnerabilities for pressure or recruitment.

The next stage involved the activities of the Volt Typhoon group and marked a qualitative shift in priorities. Hackers focused on embedding hidden access mechanisms into life support systems: water supply, power grids, and transport infrastructure. The goal here was not to obtain information, but to lay the groundwork for possible sabotage that would quickly destabilise everyday life in Western countries in the event of open conflict.

The APT31 group specialised in political espionage. By attacking members of the British Parliament and hacking the UK Electoral Commission, China gained access to the personal data of around 40 million voters, enabling it to analyse electoral preferences, study public sentiment and model political processes in the West.

Against this backdrop, Operation Salt Typhoon appears to be the logical conclusion of the control architecture that is being built. While previous campaigns allowed Beijing to understand who controls state structures and how critical infrastructure functions, the new phase provided access to the most valuable resource – the private communications of the top political leadership, turning the mobile devices of the political elite into sources of leaks, transmitting closed negotiations, correspondence and calls in real time.

As a result, by 2026, China’s cyber strategy had evolved from stealing archived questionnaires and databases to maintaining a discreet presence in the private communications of world leaders.

The disclosure of the true scale of Operation Salt Typhoon in early 2026 provoked a sharp political reaction and a wave of mutual accusations among Western allies. In the UK, Rishi Sunak’s administration was accused of deliberately downplaying the threat to maintain favourable trade and economic relations with China. These accusations led to a crisis of confidence within the Five Eyes intelligence alliance, which brings together the US, the UK, Canada, Australia and New Zealand.

The consequences could have an impact on the diplomatic track. Possession of information about closed discussions between Western leaders on sensitive issues such as the status of Taiwan or the AUKUS military-political partnership gives Beijing powerful leverage in international negotiations and crisis situations.

The operation led to many governments effectively recognising traditional cellular networks as a ‘hostile environment.’ Officials and high-ranking individuals were advised to abandon conventional phone calls and switch to secure messaging apps such as Signal. This decision became a symbol of a kind of ‘digital surrender,’ a public acknowledgement of the vulnerability of the state communications system to foreign cyber espionage.

Despite the customary denials by the Chinese Embassy in London, which called the accusations ‘baseless,’ US and British intelligence agencies are confident that Operation Salt Typhoon remains active in 2026.