Chinese Hackers Breach U.S. Congressional Email Systems in 2025

Chinese state-backed hackers infiltrated U.S. Congressional email systems, targeting key committee staff in a major escalation of cyber espionage.

Jan 9, 2026
Technobezz

Chinese state-sponsored hackers breached U.S. Congressional email systems in December 2025, accessing communications from staffers on four critical House committees. The Salt Typhoon group, linked to China's Ministry of State Security, targeted the House China Committee along with the foreign affairs, intelligence, and armed services panels, according to Financial Times reports.

The intrusion was detected last month but may have persisted for months before discovery. Officials familiar with the investigation told the Financial Times it remains unclear whether lawmakers' personal email accounts were compromised, though staff communications were definitely accessed. The Chinese Embassy in Washington dismissed the allegations as "unfounded speculation and accusations."

Salt Typhoon employs sophisticated stealth techniques including DLL sideloading and zero-day exploits that evade detection for extended periods. The group previously compromised at least eight U.S. telecommunications providers including AT&T, Verizon, and T-Mobile in 2024, gaining access to systems used for court-authorized wiretaps.

This congressional breach marks an escalation from telecom infrastructure to direct government communications. Cybersecurity experts warn the group could have harvested metadata revealing communication patterns between staffers, committees, and external contacts even without accessing classified content.

An FBI advisory in August 2025 noted Salt Typhoon has targeted organizations in more than 80 countries as part of what it described as an "indiscriminate" hacking campaign. In 2024, the group compromised U.S. state National Guard networks, remaining undetected for nine months according to Department of Defense investigations reported in July 2025.

Benjamin Schilz, CEO at Wire, said the campaign "exposes how vulnerable core communications systems remain to nation-state actors." He added that persistent access of this nature creates potential to intercept unencrypted communications across the U.S. population, posing serious national security risks.

The U.S. Treasury reportedly planned sanctions against China's Ministry of State Security over Salt Typhoon activities in December but halted the action to foster better relations, according to Financial Times sources. This decision followed earlier revelations that the group had infiltrated Verizon's telephone network and targeted prominent U.S. political figures including Kamala Harris and Donald Trump.

Cybersecurity analysts note that despite post-SolarWinds mandates for multi-factor authentication and zero-trust models, legacy systems in congressional IT infrastructure persist as vulnerabilities. House administrators have quietly bolstered defenses since the December detection, though disclosure lags continue to frustrate transparency advocates.

The breach reignites calls for tougher cyber retaliation from bipartisan lawmakers. Representatives previously targeted by Chinese hackers urge designating Salt Typhoon's actions as cyberattacks warranting sanctions. As U.S.-China rivalry intensifies across technology and geopolitical fronts, such intrusions erode trust in democratic institutions' digital security.

Salt Typhoon operates as part of China's broader "Typhoon" nexus, which includes groups like Brass Typhoon, Volt Typhoon, and Flax Typhoon. According to cybersecurity researchers, these state-sponsored entities conduct cyber-espionage, data theft, and persistent access operations aligned with Chinese strategic interests.

The group's European operations were documented by Darktrace in October 2025, targeting communications networks across the continent. This international scope underscores what analysts describe as China's comprehensive intelligence-gathering strategy, piecing together data from multiple sources to inform policy and military decisions.

Industry experts argue the incident demands a paradigm shift in how governments secure communications infrastructure. They recommend AI-driven threat detection, international data-sharing agreements, and enhanced collaboration between public and private sectors to counter sophisticated nation-state threats operating with relative impunity.
