The U.S. government has issued new cybersecurity guidance addressing Chinese hacking activities targeting critical communications and infrastructure systems, with a particular focus on mobile device security and telecommunications networks. The advisory follows a series of escalating concerns about Chinese-backed threat actors compromising telecommunications infrastructure.
A major concern centers on the “Salt Typhoon” hack, which compromised major U.S. mobile carriers and potentially enabled access to millions of Americans’ communications. The Cybersecurity and Infrastructure Security Agency (CISA) notes that unencrypted SMS messages and phone calls were vulnerable to interception through this breach, highlighting longstanding vulnerabilities in traditional telecommunications infrastructure.
Federal authorities are also investigating potential security risks associated with TP-Link routers, which account for approximately two-thirds of the U.S. router market. Microsoft researchers have identified a Chinese hacking operation called CovertNetwork-1658 that has compromised thousands of these devices to create a global network for unauthorized access.
In response to infrastructure concerns, Congress has allocated $3 billion to the “rip-and-replace” program, aimed at removing telecommunications equipment manufactured by Huawei and ZTE from rural U.S. networks. The initiative continues efforts to secure American telecommunications infrastructure that began with the FBI and CISA’s previous joint advisories on communications security.
CISA has issued specific guidance recommending the use of end-to-end encrypted communications applications such as Signal, WhatsApp, and iMessage. “SMS messages are not encrypted—a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them,” CISA stated. The guidance supports CISA’s broader push for enhanced mobile security measures.
For enhanced security, CISA recommends that iPhone and Android users implement complex passwords managed through password manager software, and use authenticator apps or hardware security keys for sensitive accounts rather than SMS-based verification. The recommendation comes as major technology companies like Microsoft prepare to implement native passkey support in their authentication systems.
The recommendations emerge amid ongoing concerns about the interconnected nature of U.S.-China supply chains and the resulting complexity of digital security systems. The federal government continues to evaluate and respond to potential vulnerabilities in telecommunications infrastructure and mobile communications, with a particular emphasis on implementing phishing-resistant authentication methods and quantum-resistant cryptography across federal systems.