Unlock the White House Watch newsletter for free
Your guide to what Trump’s second term means for Washington, business and the world
China has hacked the emails used by congressional staff on powerful committees in the US House of Representatives, as part of a massive cyber espionage campaign known as Salt Typhoon.
Chinese intelligence accessed email systems used by some staffers on the House China committee in addition to aides on the foreign affairs committee, intelligence committee and armed services committee, according to people familiar with the attack. The intrusions were detected in December.
The attacks are the latest element of an ongoing cyber campaign against US communication networks by the Ministry of State Security, China’s intelligence service. One person familiar with the attack said it was unclear if the MSS had accessed lawmakers’ emails.
The MSS has been operating Salt Typhoon for several years. It allows China to access the unencrypted phone calls, texts and voicemails of almost every American, and in some cases enables access to email accounts.
Salt Typhoon has also intercepted the calls of senior US officials over the past couple of years, said people familiar with the campaign.
Mark Warner, the top Democrat on the Senate intelligence committee, in December said it was “baffling” that more attention was not being paid to Salt Typhoon. “Unless you’re on an encrypted device, they can pick any one of us,” Warner told the Defense Writers Group.
Jake Sullivan, former president Joe Biden’s national security adviser, told the Financial Times last year after leaving the White House that US telecom companies were “highly vulnerable” to Salt Typhoon.
The campaign is one of many cyber espionage efforts by Chinese intelligence and the People’s Liberation Army that target US infrastructure.
In 2024, the FBI and other US agencies said a Chinese state-sponsored hacking group that has been dubbed Volt Typhoon had penetrated US energy, transportation and communications systems in ways that would help China in the case of a conflict with America.
US telecom groups have done little to protect themselves from Salt Typhoon because of the huge cost involved in making networks resilient. Warner in December said US networks were particularly vulnerable because they were built when cyber security was not a serious concern.
The US Treasury planned to impose sanctions on MSS entities over Salt Typhoon in December, but it reversed course following concerns that it would derail the détente Presidents Donald Trump and Xi Jinping reached in October.
The four committees the MSS targeted declined to comment.
The Chinese embassy in the US denied the allegations about Salt Typhoon. Liu Pengyu, the embassy spokesperson, said: “We firmly oppose the US side making unfounded speculation and accusations, using cyber security to smear and slander China, and spreading all kinds of disinformation about the so-called Chinese hacking threats.”
