Salt Typhoon’s Shadow: New Cybersecurity Advisory Confirms Persistent, State‑Sponsored Threats to Critical Communications Infrastructure
The newly released multinational Cybersecurity Advisory (CSA) makes clear that telecom networks face persistent targeting by sophisticated, state‑sponsored actors. The advisory, “Countering Chinese State‑Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,” underscores that defending against these threats is not purely a technical challenge—it requires deliberate alignment of telecom policy, cybersecurity strategy, and crisis communications at the highest levels of leadership. Although the CSA focuses on commercial telecommunications providers, its underlying guidance is equally relevant to other critical infrastructure, including 9-1-1 systems and Emergency Services IP Network (ESInet) providers.
The CSA further stresses that, given the nature of the campaign, organizations must actively hunt for signs of compromise rather than relying solely on passive defenses. In light of these realities, all telecom companies should strongly consider engaging an experienced outside firm to design and facilitate a custom tabletop exercise for their C‑suite and board, ensuring decision‑makers are best prepared to prevent incidents by identifying and closing vulnerabilities in advance.
Back in May, I wrote about Salt Typhoon—a Chinese state‑sponsored campaign exploiting telecom network vulnerabilities—and explored its potential implications for public safety. That blog outlined how targeting network infrastructure could disrupt critical communications, complicate emergency response, and strain national security resources. You can read that blog in my website’s Articles section.
This extraordinary CSA—jointly authored by cybersecurity and intelligence agencies worldwide—exposes a persistent, coordinated campaign posing serious risks to telecom networks. It warns that Chinese state-sponsored groups are targeting “large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers” and modifying them to “maintain persistent, long-term access to networks.”
The CSA’s authors “encourage network defenders of critical infrastructure organizations, especially telecommunications organizations, to perform threat hunting, and, when appropriate, incident response activities.” This is not a one‑time sweep. It is an ongoing discipline that should be embedded into operational culture and reinforced through executive‑level exercises that test both technical and policy responses, with the goal of eliminating exploitable weaknesses before adversaries act.
Now more than ever, aligning telecom policy, cybersecurity strategy, and crisis communications is vital—not only for network security, but also for public safety, national security, and emergency response readiness. A well‑crafted tabletop exercise, led by an independent firm and involving C‑suite and board members, can surface blind spots, clarify decision‑making authority, and ensure that technical, operational, and public messaging strategies are synchronized to close gaps before they can be exploited.
For organizations navigating these challenges, my role is to connect telecom and 9-1-1 service provider leaders with the right cybersecurity expertise to strengthen resilience where it matters most. If this is a conversation your organization is ready to have, I’d welcome hearing from you here or at Jeff@mpstrat.com.