Chinese Hack US Congress’ Emails

In a significant cyber intrusion, Chinese hackers linked to the Salt Typhoon group have accessed email systems used by staff in key US House of Representatives committees. The breach, reported by the Financial Times and covered by Reuters, affects aides on the House Select Committee on China, as well as those handling foreign affairs, intelligence, and armed services. Detected in December 2025, the incident raises concerns over the security of sensitive government communications.[1]

The hackers, believed to be operating on behalf of Chinese intelligence, did not necessarily reach lawmakers' personal emails, according to sources familiar with the matter.  The compromise highlights ongoing efforts by foreign actors to infiltrate US systems.

See:  https://redskyalliance.org/xindustry/salt-typhoon-hackers

Salt Typhoon, attributed to China's Ministry of State Security, has conducted a prolonged espionage effort against US telecommunications infrastructure.  The group has gathered data on extensive portions of Americans' telephone interactions, including intercepted calls involving prominent politicians and officials.  This latest revelation extends the campaign's scope to congressional staff communications.

US authorities imposed sanctions in early 2025 on alleged hacker Yin Kecheng and the Sichuan Juxinhe Network Technology company for their roles in these activities.  Such intrusions align with a pattern where lawmakers and their teams, particularly those overseeing military and intelligence matters, face repeated cyber threats.

The Chinese embassy in Washington dismissed the allegations as "unfounded speculation and accusations," with spokesman Liu Pengyu rejecting claims of involvement.  Beijing has consistently denied responsibility for the Salt Typhoon operations.

On the US side, the Federal Bureau of Investigation (FBI) declined to comment, while the White House and the affected committees did not respond to inquiries.  This silence comes amid broader worries about persistent vulnerabilities in critical systems.

Benjamin Schilz, CEO of Wire, a secure digital workspace platform used by government, defense, and public-sector organizations, commented on the incident. He described the campaign as a "sustained, state-backed assault on US communications infrastructure by China’s Ministry of State Security."

Schilz noted that the undetected nature of the activity over the years is deeply troubling, regardless of email access specifics.  He warned that such persistent entry could enable interception of unencrypted calls, messages, and voicemails across the population, creating a major national security threat.

He further emphasized the exposure of core systems to nation-state threats, pointing out reliance on outdated tools and consumer applications designed for ease rather than robust defense.  "Resilience, sovereignty, and security-first architecture are no longer optional; they are critical to protecting democracy," Schilz stated.

The breach illustrates the risks posed by foreign espionage to democratic institutions. Given its potential for widespread surveillance, it calls for enhanced protection of communications networks.  Experts like Schilz argue for shifting away from vulnerable legacy systems to more secure alternatives.

This incident follows previous Salt Typhoon attacks against telecom providers, in which hackers sought to exploit wiretapping capabilities.  As investigations continue, it may prompt legislative reviews of cybersecurity measures in government operations.  US government officials have yet to detail remediation steps, but the event will influence future policy on digital sovereignty.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators-of-compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    


[1] https://www.cybersecurityintelligence.com/blog/chinese-hackers-target-us-congressional-emails-9018.html
