CHINA’S global cyber espionage operation – codenamed ‘Salt Typhoon’ – has been revealed to have breached the ‘heart’ of the British state.
Xi Jinping’s powerful spy agency of experienced hackers is believed to have infiltrated the mobile phones of senior officials in Downing Street for several years.
Aides close to Boris Johnson, Liz Truss and Rishi Sunak were targeted between 2021 and 2024, when they all served as Prime Minister, before the operation was exposed.
One source said the breach went “right to the heart of Downing Street” – but it remains unconfirmed whether Tory leaders themselves were ever compromised.
Intelligence sources in the US told The Telegraph that the attack, codenamed Salt Typhoon, is still ongoing.
This means that Sir Keir Starmer and his senior staff may also be subject to infiltration, allowing sensitive text messages, calls or important geolocation data to be freely leaked directly to President Xi Jinping.
INVASION OF THE VOLUNTEERS
A set of gun-wielding “Wolf Robots” take to the battlefield in the invasion of Taiwan
A FLOATING VESSEL
China’s LARGEST aircraft carrier with a VERY eloquent name enters service
MI5 only issued an “espionage alert” to Parliament in November about the threat of espionage from China.
Alicia Kearns, the shadow national security secretary, warned: “How much more evidence does this government need before they end their pandering to Xi and stand up as the great country that we are and stand up for us?
“Work rewards acts of hostility against our state.”
Kearns herself was one of the alleged targets of the Westminster spy case, in which two men were accused of passing sensitive information from Parliament to the Chinese government.
It comes as the Prime Minister leaves for the Republic this week in what would be the first such trip since 2018.
James Kynge, a China expert at Chatham House, told The Sun that Starmer’s priority was to promote Britain’s business interests – but that he would have to “walk a tightrope”.
“It’s going to be difficult for him to walk the tightrope between annoying the Chinese and annoying President Trump,” he explained.
“Starmer will have to say nice things to China, the kind of things they want to hear, but he will have to avoid provoking Trump.
“It’s a balancing act, but one that has real consequences if Starmer fails, so that will be the biggest challenge for him.
Earlier this month, The Sun revealed that Beijing has built a powerful spy agency of skilled hackers to carry out digital espionage and infiltrate critical infrastructure.
Britain and the United States have accused China of a global campaign of “vicious” cyber attacks in an unprecedented joint operation to expose Beijing’s espionage.
They are not alone either. In November, Australia’s spy chief said hackers linked to the Chinese government and military were targeting critical infrastructure.
He warned of “unprecedented levels of espionage”.
A number of high-profile attacks are suspected to have been orchestrated by the notorious Salt Typhoon group – a hacking army operating out of China believed to be controlled by the highest levels of the government.
Their cyber espionage has been active since at least 2020 – with a massive escalation of activity in 2023, 2024 and continuing through 2025.
Hackers have been behind some of the biggest – and most sophisticated – cyber attacks targeting Western countries, including the worst hack in US history.
In 2024, US officials said the Salt Typhoon hackers targeted the telecommunications data of top US politicians – including those of Donald Trump, JD Vance and Kamala Harris.
Hhackers got into nine systems US Telecommunications Companies – Exposing calls, SMS, IP addresses and phone numbers from over a million users.
Mmost of the available data belonged to “government targets of interest“, former deputy national security adviser Anna Neuberger he said at that time.
Leading cyber security expert Will Geddes warned: “These attacks have all been traced to companies and individuals known to have links to intelligence agencies in China.
Geddes, who has been identified as a dangerous threat acting on behalf of China’s Ministry of State Security, revealed that access to critical infrastructure is a “strategic price” for hostile countries such as China.
Obtaining such sensitive information could cause widespread chaos in the West – giving China near real-time visibility into communications.
Hackers can cause “infrastructure shutdowns” or communication blackouts in targeted areas during a conflict, plunging enemies into darkness.
“Why this is important to all of us, and not just to these government agencies, is that access to carrier infrastructure is a strategic value,” Geddes said.
“It can provide near-real-time visibility into communications, historical metadata, location information and, in targeted cases, captured content.
“This gives the state actor a powerful tool not only for counterintelligence, but also for political, strategic targeting and long-term intelligence gathering.
“They can also use that information to disrupt networks and confuse networks, which could be hugely, hugely beneficial to them as a hostile state actor if used in conjunction with other means and other methods of attacking a particular country.”
West in the crosshairs
Last year, British intelligence agencies revealed for the first time that Chinese state-sponsored hackers had been found inside the country’s critical national infrastructure.
GCHQ said the hackers, with links to various Chinese cyber security companies, had infiltrated governments, telecommunications, transport and military infrastructure over the past four years.
U.S. officials said the group infiltrated more than 200 targets in more than 80 countries — and could steal information from nearly every American.
In April last year, FBI announced a $10 million reward for information on individuals connected to Salt Typhoon.
According to a New York Times report, intelligence chiefs believe this is evidence that China’s capabilities rival those of the United States and its allies.
Mike Burgess, head of the Australian Security Intelligence Organization (Asio), said authoritarian regimes such as China were now more willing to “disrupt and destroy”.
Major Cyber Attacks Linked to China
Department of Defense Payroll Hack (2024): Suspected Chinese attack exposing personal/financial data of 270,000 British Armed Forces personnel.
Salt Typhoon (2023–present): Compromised US and UK telecommunications specifically to track high value individuals and infiltrate legal wiretapping systems.
United Kingdom Electoral Commission (2021–2022): He breached UK voter databases and gained access to the personal data of 40 million Britons.
APT31 Campaign (2021): Targeted email accounts of British Members of Parliament (MPs) who were critical of China.
Volt Typhoon (2021–present): He infiltrated US and UK critical infrastructure (energy, water, transport) to prepare the position for future devastating attacks.
Microsoft Exchange / HAFNIUM (2021): Mass exploitation of email servers affecting over 30,000 organizations worldwide, including many in the UK.
Equifax Breach (2017): Military hackers stole the personal financial information of nearly 150 million Americans.
OPM Hack (2015): He stole the sensitive security clearance files of 22 million US federal employees.
Operation Cloud Hopper (2014–2018): They threatened global IT service providers (MSPs) to steal vast intellectual property from Western companies.
Geddes explained that Beijing is directing all of these cyber operations against Western countries to target critical infrastructure for digital espionage.
“Their main goal is counterintelligence,” he added.
Cyber security companies in the West believe the Salt Typhoon hackers are targeting the servers and routers of major telecommunications and internet companies – as well as critical national infrastructure.
Experts say they exploit known vulnerabilities in firewalls, routers and VPN products.
And by infiltrating sensitive infrastructure, they can collect vast amounts of user data – from personal messages to top state secrets.
Crucially, access to critical infrastructure would allow rogue actors to shut down electricity, water and other assets.
Operation in the shade
However, the Chinese government is very smart about not engaging directly in these counterattacks—leaving almost no digital trail that can be traced back to Beijing.
Proxy groups and shell companies are ordered to conduct sophisticated operations to avoid being traced back to the Chinese state, which hides behind a complex network of teams, Geddes explained.
He said: “These attacks don’t necessarily come from their own buildings, but through proxies, through entities and companies, which allows them to present what we would call plausible deniability.”
Geddes said the sophistication of these attacks makes it very difficult for them not to be seen as state-led operations by rogue nations.
“In terms of targets, there are some commercial and private entities,” he said.
“But the vast majority are government entities, and again, they go through these ISPs.”
“One of the biggest concerns about these attacks is not only that they targeted several agencies and government departments, but also many of the largest telecommunications providers and ISPs in the United States.”
Former Tory leader Iain Duncan Smith previously told The Sun that such cyber attacks were just the tip of the iceberg – Beijing was waging a colossal cyber war with the West.
He said: “This is China – the second largest economy in the world, the second largest military. It plans to take over America.”
“They’re very important players now. They want to make sure the world runs the way they think.”
“If they can confuse us, confuse us, misinform us, create division, then that plays well into their plans. China is constantly working to undermine us. This is the reality of what is happening.”
“This is just the beginning of what is essentially a war.
Are Western countries ready?
Although awareness of the threat has increased dramatically since 2023, most experts and officials agree that critical infrastructure in the West remains highly vulnerable to Chinese cyber attacks.
Western states are said to be actively trying to counter these attacks, but face significant challenges that limit their effectiveness.
Geddes points out that intelligence agencies—specifically FBI and CISA in the US and GCHQ in the UK – are working “behind the scenes” to detect and remove malicious exploits used by Salt Typhoon.
GCHQ previously said China was the agency’s top priority because it “poses a real and growing cyber risk to the UK”.
Anne Keast-Butler, the agency’s director, accused Beijing of “collaborating with others to try to reshape the world”.
US and allied intelligence agencies are now actively hunting critical networks to find and eliminate Chinese hackers before conflict breaks out.
The FBI and international partners have launched operations to identify and remove Chinese malware from the networks (networks of infected home routers and cameras) that Chinese hackers use to hide their tracks.
Meanwhile, governments are increasingly forcing private companies in critical sectors to meet stricter cybersecurity standards.
Leave a Reply