Beijing-sponsored hackers compromised the phones of UK government officials in a targeted campaign that appears to have lasted from 2021 to 2024, according to reports.
US intelligence sources have attributed the breach to Salt Typhoon, a state-backed threat actor that specialises in compromising telecommunication systems.
In 2024 Salt Typhoon compromised the networks of multiple internet service providers in the US, such as AT&T, Verizon, and dozens of others. The campaign was so wide-spread that US officials believe the China-linked threat actor may also still be lurking in the nation’s telecoms systems.
In the UK’s case, the phones of aides to three successive Tory Prime Ministers Boris Johnson, Liz Truss and Rishi Sunak are said to have been targeted, according to a report in The Daily Telegraph.
While it isn’t known whether the phones of the prime ministers were hacked, a source told the newspaper that the breach went “right into the heart of Downing Street.”
Anne Neuberger, a deputy US national security adviser, added that the global breach was part of “one of maybe the more successful campaigns in the history of espionage,” with the hackers able to “record phone calls at will."
While it is unclear what information Chinese hackers obtained, it is possible that spies could have read text messages, listened to calls, or gained access to phone metadata.
Chinese embassy worry, plus other alleged breaches
As the story broke, Keir Starmer was preparing his trip to Beijing this week – the first state visit by a serving UK PM since Theresa May in 2018.
"Like it or not, China matters for the UK," he declared ahead of the trip. "
As one of the world's biggest economic players, a strategic and consistent relationship with them is firmly in our national interest.
"That does not mean turning a blind eye to the challenges they pose – but engaging even where we disagree."
Earlier this month, the UK government approved controversial plans for a Chinese mega embassy in London, despite revelations that the planning documents reportedly contain a concealed underground chamber built directly alongside fibre-optic cables carrying some of Britain's most sensitive financial and internet traffic.
Last month, Cybernews reported that Chinese threat group Storm-1849 (sometimes tracked as ArcaneDoor) accessed servers at the Foreign, Commonwealth, and Development Office in October.
Fielding questions from journalists, the UK's Trade minister Chris Bryant played it down at the time, adding it was “not clear” who perpetrated the attack, but that the government had managed to “close the hole” quickly, and that security experts were confident there was a “low risk” of any individual being affected.
The original article in The Sun claimed that hackers accessed confidential data and documents, possibly including thousands of visa details.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked