NEWS China Hacked Critical Infrastructure Long Before US Raised Alarm About Cyberwar

ExcalibuR

While the world focused on the high-profile 2024 cyberattack, the breach actually occurred in 2023.

A major US telecommunications company fell victim to a covert cyberattack by Chinese state-linked hackers in summer 2023—a full year before US officials publicly disclosed the large-scale infiltration of critical telecom networks. Malware tied to Beijing-backed groups remained embedded in the company's systems for seven months, according to intelligence documents obtained by Western agencies and sources familiar with the matter (Bloomberg).

The company's identity remains classified, but reports describe it as a provider servicing defense, logistics, and tourism sectors. The malware infected systems managing IT administrator workstations and persisted until late winter 2024.

The breach only came to light in fall 2024 when US agencies, responding to the Salt Typhoon attack campaign, shared digital fingerprints of China's Demodex rootkit with telecom firms. Cybersecurity analysts then uncovered traces of the earlier intrusion.

The Demodex Threat

Demodex is a sophisticated piece of malware that grants attackers stealth control over systems. It temporarily disables Microsoft Defender, masks its activity, and evades detection. Previously deployed against telecoms and governments in Thailand, Afghanistan, and Indonesia, it has been attributed to China's Ministry of State Security.

It remains unclear whether the 2023 attack was part of the later Salt Typhoon campaign, but the timeline suggests Chinese hackers infiltrated US critical infrastructure earlier than previously acknowledged.

"We long suspected US telecom networks were compromised," said cybersecurity expert Mark Rogers. "Now we have proof—and it dates back to 2023."

Salt Typhoon’s Scope

US officials allege Salt Typhoon breached AT&T, Verizon, and seven other carriers, harvesting personal data of millions and targeting devices linked to Donald Trump, JD Vance, and Kamala Harris.

Official Responses:

  • US intelligence agencies (CIA, NSA, FBI, CISA) declined to comment.
  • China’s embassy in Washington accused the US of cyberattacks against China and dismissed the allegations as "disinformation."

Key Implications:

  • Reveals a longer Chinese cyber-espionage timeline than publicly admitted
  • Raises questions about undetected breaches in other critical sectors
  • Highlights ongoing vulnerabilities in US infrastructure defense