U.S. Senator Maria Cantwell is demanding answers by June 26 from AT&T and Verizon following the Chinese-linked ‘Salt Typhoon’ cyber operation. She is calling for a full account of the breach and its impact on their networks. Although Salt Typhoon infiltrated major U.S. telecom infrastructure, including systems at AT&T and Verizon in December 2024, both companies asserted that their networks remained secure.
Cantwell, a Democrat from Washington and Senate Commerce ranking member, challenged those assurances in separate letters to the companies’ CEOs, citing ongoing concerns from cybersecurity experts who believe the threat may not be fully eradicated and could still be active within U.S. telecom systems. Her demand comes as she sharply criticizes the Republican Reconciliation bill, warning that it would hand over sensitive national security spectrum to private telecom providers. She argues this move could heighten the risk of surveillance, interference, and exploitation by Chinese and other foreign adversaries.
“Current and former government experts continue to indicate that Salt Typhoon may remain active in U.S. networks,” Cantwell wrote in separate letters to the CEOs. “They have explained how telecommunications networks are complex and full of hardware and software vulnerabilities Salt Typhoon can exploit to create multiple pathways to reenter the network. Experts also noted the sheer scale of any network would likely need a forensic analysis of tens of thousands of endpoints to identify all potential compromises.”
Furthermore, she added that weeks before the vendors claimed the attack was resolved, the U.S. government publicly stated that the scope and significance of the compromise in traditional telecommunications networks made it ‘impossible’ for agencies ‘to predict a time frame on when we’ll have a full eviction,’ and urged Americans to use encrypted voice and text applications to minimize the chances of the hackers intercepting their communications.
In addition to the sheer magnitude of the attack, the Chinese gained access to the geolocation and cell phone data of millions of Americans, including then-candidates Donald Trump and J.D. Vance. Earlier this year, the FBI confirmed that the hackers also stole call data logs, private communications of certain victims, and copied information on U.S. law enforcement wiretap systems.
She highlighted that despite this massive breach, AT&T in December 2024 stated that there was ‘no activity by nation-state actors in our networks at this time,’ while Verizon claimed it ‘has contained the activities associated with this particular incident.’
The FBI, NSA, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Communications Commission have issued guidance and proposed regulations to telecom providers in response to the Salt Typhoon incursion.
In her letter to John T. Stankey, AT&T’s chairman and chief executive officer, Cantwell wrote that given the national security, critical infrastructure, and privacy risks involved, AT&T must make every effort to protect its customers against these highly sophisticated foreign adversaries and be fully transparent about such efforts.
She has asked AT&T to provide documents and information covering the period from September 1, 2024, to the present, no later than June 26, 2025. First, she requested a complete copy of AT&T’s remediation plan developed in response to the Salt Typhoon attacks, along with all threat assessments that evaluate the security risks posed by nation-state actors targeting AT&T’s systems, including assessments related to the FirstNet network.
She also asked for a detailed list of all vulnerabilities AT&T identified that allowed nation-state actors to gain broad or full access to its networks, along with an explanation of how each has been mitigated or remediated, and for all documents that support AT&T’s determination that there is no longer any activity by nation-state actors in its networks.
In addition, she asked for all records detailing the costs and expenses AT&T incurred to secure its networks from nation-state threats, including documentation from any third-party audits. Finally, she requested copies of all current AT&T policies and best practices related to the encryption of customer data.
In her letter to Hans Vestberg, chairman and chief executive officer at Verizon, Cantwell requested that similar documents be provided from September 1, 2024, to present, no later than June 26, 2025. She has sought a copy of Verizon’s remediation plan in response to the Salt Typhoon attacks; all threat assessments related to the security risk of nation-state actors hacking Verizon’s systems; a list of all vulnerabilities Verizon has identified that allowed nation-state actors to gain broad, full access to its networks, and to what extent each has been mitigated or remediated; and all documents relating to Verizon’s determination that there was no longer activity by nation-state actors in its networks.
Cantwell also asked for all records related to the costs and expenses Verizon incurred to secure its networks from nation-state actors and attackers, including but not limited to a third-party audit, and all Verizon policies and best practices relating to the encryption of customer data.
In March, Republican members of the U.S. House Committee on Homeland Security approached the Department of Homeland Security (DHS) to request information and documents regarding the federal government’s response to extensive cyber intrusions by ‘Volt Typhoon’ and ‘Salt Typhoon,’ two advanced persistent threat actors supported by the People’s Republic of China (PRC). The members sought information on when DHS and CISA first became aware of the threats and damages caused by these intrusions and asked for a timeline of CISA’s responses to these events.