A years-long espionage campaign by Chinese state-sponsored hackers penetrated the mobile phones of senior UK government officials, exposing private communications at the highest levels of British politics.
The breach, part of a massive global operation called Salt Typhoon, reached what sources describe as "right into the heart of Downing Street".
The attack targeted aides to former Prime Ministers Boris Johnson, Liz Truss, and Rishi Sunak between 2021 and 2024, though it's still unclear if the prime ministers' personal devices were compromised. Intelligence sources now warn the operation may still be active, potentially affecting current Prime Minister Keir Starmer's team as he departs for China this week—the first visit by a British PM since 2018.
Salt Typhoon didn't hack individual phones directly. Instead, the hackers compromised telecommunications companies themselves, giving them a backdoor into millions of devices. Think of it like breaking into the phone company's headquarters instead of picking individual locks—you get access to everything at once.
The hackers could record phone calls "at will," according to Anne Neuberger, the deputy US national security adviser from January 2021 to January 2025.
Neuberger explained that attackers gained "broad and full access" to networks, enabling them to "geolocate millions of individuals, to record phone calls at will." Even without listening to calls, the attackers gathered metadata (who called whom, when, and from where) and geolocation data revealing officials' movements.
The breach wasn't limited to the UK. Salt Typhoon hit telecommunications giants across the Five Eyes alliance—the US, Australia, Canada, and New Zealand. By August 2025, the FBI confirmed hackers had breached at least 200 companies across 80 countries.
US officials didn't discover the intrusions until 2024, even though the attacks dated back to at least 2021. A senior American official called it "one of maybe the more successful campaigns in the history of espionage".
Why This Matters to You
This isn't just a problem for politicians. When hackers breach telecom networks, they potentially access call records, messages, and location data for millions of ordinary users. The compromised infrastructure includes the same systems that process your texts and calls.
Former Israeli intelligence chief Yuval Wollman, now president of cybersecurity platform CyberProof, told The Telegraph that Salt Typhoon was "one of the most prominent names" in the world of cyber-espionage. "While much of the public reporting has focused on US targets, Salt Typhoon's operations have extended into Europe, the Middle East and Africa, where it has targeted telecoms firms, government entities and technology companies."
Intelligence sources suggest Britain's telecommunications networks were better protected than those in the US, citing the 2021 Telecommunications Security Act, which introduced new legal duties on telecoms firms to strengthen network security. However, there were still "many" different hacking attacks on Downing Street phones, particularly during Rishi Sunak's tenure as prime minister from 2022 to 2024.
In August 2025, the FBI, NSA, and CISA issued a joint cybersecurity advisory warning that Chinese state-sponsored actors were targeting networks globally. The advisory, co-signed by the UK's National Cyber Security Centre (the public-facing arm of GCHQ), noted that hackers often "maintain persistent, long-term access" to networks.
How to Protect Yourself
Security experts and US agencies, including CISA and the FBI, recommend these steps:
Switch to encrypted messaging apps. Services like Signal, WhatsApp, or Proton Mail use end-to-end encryption, meaning even if hackers intercept your messages, they can't read them. Regular SMS texts offer no such protection.
Keep everything updated. Install security patches for your phone, computer, and router as soon as they're available. These updates often fix vulnerabilities that hackers exploit. The Salt Typhoon attackers exploited publicly known vulnerabilities in network edge devices such as routers, firewalls, and VPN appliances—vulnerabilities that had available patches but weren't installed.
Enable multi-factor authentication. Adding a second verification step when logging into accounts creates an extra security layer that's much harder to breach.
Avoid sharing sensitive information via regular texts or calls. If you're discussing anything private, use encrypted channels or meet face-to-face.
The Bigger Picture
The timing is particularly sensitive. Prime Minister Starmer departed for China this week—the first visit by a British PM since Theresa May in 2018—to negotiate trade deals and investment ties. The visit follows the government's decision to approve plans for a Chinese mega-embassy in London, which would be located alongside some of the City's most sensitive communications cables.
Critics have accused the government of prioritizing economic ties over national security concerns. Shadow Minister for National Security Alicia Kearns, herself an alleged target in a separate Westminster spy case, said: "How much more evidence does this Government need before it ends its simpering to Xi and stands tall as the great country we are and defends us? Labour is rewarding hostile acts against our state."
MI5 issued an "espionage alert" to Parliament in November about the threat of Chinese state-sponsored spying. Last month, Parliament's Intelligence and Security Committee found that the "Government has no strategy on China, let alone an effective one," and was "singularly failing to deploy a 'whole-of-state' approach" in responding to the threat.
China's foreign ministry has dismissed the allegations as "baseless" and "lacking evidence," maintaining the country opposes all forms of cyberattacks. A Chinese embassy spokesman stated: "China is a staunch defender of cyber security and one of the major victims of cyber espionage and attacks. We firmly oppose the practice of politicising cybersecurity issues or accusing other countries without evidence."
But with US officials acknowledging that attackers could record calls "at will" and the full scope of the breach still unknown, the vulnerability of critical communications infrastructure has never been clearer. The Salt Typhoon campaign reveals an uncomfortable truth: when telecommunications networks get compromised, we're all potentially exposed. The best defense? Assume your regular calls and texts aren't private, and act accordingly.