Sen. Mark Kelly (D-Ariz.) told attendees of the McCain Institute’s Sedona Forum on May 3 that the Chinese communist regime still has access to the nine U.S. telecommunication companies hacked into in December 2024 during the Salt Typhoon cyber intrusion coordinated by the Chinese Ministry of State Security.
“They did it in such a way that it was very hard for us to detect that they were there and not done through the typical way that you would do something with malware,” he explained to the panel moderator.
“It was done through access to routers and using a lot of sophisticated techniques, and it was the, as you mentioned, the Chinese Ministry of State Security that coordinated this operation. They’re still there, and we have yet to figure out a way to kick them off.”
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the hacks in October of 2024 and began an investigation.
By Dec. 27, the number of compromised telecommunication companies had increased to nine.
Kelly sits on the Senate Intelligence Committee and told the audience that rebuilding the United States’ telecom infrastructure in order to prevent hackers from gaining access continues to be a topic of conversation among his fellow committee members.
One of the issues with the nation’s current telecommunication infrastructure is how organically it developed over time.
“Somebody built a system, somebody improved that system,” Kelly said. ”They added technology to it, and today we have this collaged together systems of multiple companies using different kinds of equipment that are easily accessible from our adversaries, and they’re able to, if they know who you are, know your phone number, and they want to get access to some of your information, they today can probably do that, including voice calls.”
Volt Typhoon was reported to be dismantled in January 2024 but Kelly said the CCP’s Ministry of State Security “still have access into some of these systems,” and emphasized that the security risks such infiltration poses to the nation’s ability to mobilize against communist China.
He and his fellow panelists, Sue Gordon, former principal deputy director of national intelligence, and Frances Fragos Townsend, former counterterrorism and homeland security advisor, stressed the need for the federal government to lead the way in developing the necessary cybersecurity. They also stated that there is still no clear definition of when a cyberattack is considered an act of war.
In the meantime, the senator advised the crowd on how to proceed with their telecommunications.
“If you’re in any kind of sensitive position, just be aware that there are folks that are gathering information on you that want to know who all your connections are, that in a lot of cases, there are probably people in this room that foreign adversaries have access to your cell phone and you do not know it,” he said. “There are ways to kick them off. The easiest way is [by] keeping your software up to date and turning the phone off.”