Viasat, a major U.S. satellite communications provider, has confirmed it was one of several telecom companies breached by Salt Typhoon, a Chinese state-sponsored hacking group, during a far-reaching cyberespionage campaign ahead of the 2024 U.S. elections.
The incident, which came to light this week via Bloomberg, adds to the growing list of confirmed victims in a long-running intelligence operation attributed to China-linked Advanced Persistent Threat (APT) groups.
Salt Typhoon’s Broader Espionage Hack Strategy Targeted U.S. Telecom Infrastructure
Salt Typhoon—also tracked as GhostEmperor and FamousSparrow—is believed to be responsible for a coordinated attack on at least nine U.S. telecommunications firms, including giants like Verizon, T-Mobile, AT&T, and Lumen Technologies. The goal of the campaign, according to U.S. authorities, was deep surveillance and data collection across sensitive networks.
Reuters previously reported that the hackers gained broad access to internal telecom infrastructure, allowing them to geolocate individuals and even record phone conversations.
Among those reportedly targeted were presidential candidates and campaign staff, including former President-elect Donald Trump, JD Vance, and aides from Kamala Harris’s 2024 campaign—primarily through breached Verizon networks.
Viasat Breach: No Customer Data Impact, Company Says
Viasat discovered the unauthorized access earlier this year. In a statement issued Tuesday, the company confirmed the breach but emphasized that customer data and services were not affected:
“Viasat and its independent third-party cybersecurity partner investigated a report of unauthorized access through a compromised device,” the company said. “Upon completing a thorough investigation, no evidence was found to suggest any impact to customers. Viasat believes that the incident has been remediated and has not detected any recent activity related to this event.”
Viasat is based in California and provides satellite broadband services across residential, commercial, and government sectors—including secure communications for military operations, aviation, and energy.
The company clarified that the intrusion is unrelated to a 2022 cyberattack that occurred before the Russian invasion of Ukraine.
APT Presence May Still Linger in Compromised Systems
While the company maintains that the breach has been resolved, federal agencies are not ruling out the possibility that Salt Typhoon still resides within some compromised telecom networks.
Salt Typhoon, reportedly active since 2020, has demonstrated advanced capabilities—using stealth techniques that make detection and removal difficult. U.S. officials say the group employs anti-forensic and anti-analysis methods, which allow them to operate covertly for months without triggering alarms.
“Wide-ranging intelligence collection effort,” the FBI warned, noting the attacks align with broader efforts by the People’s Republic of China to infiltrate U.S. critical infrastructure.
The group is also suspected of breaching the U.S. Treasury Department in February 2025, gaining access to laptops used by senior officials.
Response and Attribution
The U.S. government has formally linked Salt Typhoon to China and classified the espionage campaign as part of a long-term national strategy targeting American infrastructure. Beijing, for its part, has consistently denied involvement, calling the allegations “disinformation.”
As of now, no specific details about the method of entry into Viasat systems have been disclosed, and the full scope of the data accessed remains classified.