China’s “Salt Typhoon” Telecom Hack Has Wide-Ranging National Security and Foreign Investment Implications
Published Dec 5, 2024, by Garrett Meyer
In October 2024 the federal government formed a multi-agency team to investigate and address a sophisticated cyberattack on major U.S. telecom and internet service providers reportedly carried out by Salt Typhoon, an arm of China’s Ministry of State Security (MSS). According to reports, the Chinese hacking team has already siphoned data on phone call audio, text messages and internet traffic from high-value targets in the U.S., including individuals associated with government offices and officials. The Consumer Financial Protection Bureau (CFPB) has urged employees to refrain from conducting CFPB business “using mobile voice calls or text messages.” The simple, yet strikingly strong directive from the CFPB leadership is an alarming notice that Salt Typhoon and the MSS may have accessed institutions that we rely on within our professional and personal lives. Unfortunately, this incident is not exclusive to high-value targets and the MSS-backed Salt Typhoon may have also gained access to a wide swath of data, call records, text messages, and generic internet traffic.
While many people have become somewhat accustomed to data breaches involving sensitive information exfiltrated to the dark web or potentially compromised passwords, this particular cyberattack has wide-ranging implications that may ultimately impact companies that have taken on foreign investors or shareholders, or that operate in an industry deemed sensitive to national security.
Potential CFIUS Implications
As a result of the Salt Typhoon attack, it is anticipated that the Committee on Foreign Investment in the United States (CFIUS) may implement a more stringent and cautious approach in the CFIUS review process and national security mitigation measures for foreign investors. CFIUS is likely to rigorously scrutinize foreign investments, especially from regions or countries suspected of being linked to Salt Typhoon. Proposed transactions that involve telecom, access to critical technologies, sensitive data or infrastructure should anticipate more detailed examinations to assess potential national security concerns. This means that foreign investors may face longer review periods and increased documentation of controls that demonstrate their investments do not pose national security threats. The likely increase in scrutiny from CFIUS as a result of Salt Typhoon may deter foreign investment from regions, countries, or entities associated with Salt Typhoon or cyber threats in general.
In cases where CFIUS identifies national security risks associated with foreign investment, there is an increased likelihood of blocking a transaction outright. The Salt Typhoon attack has highlighted the importance of safeguarding critical infrastructure from foreign interference, leading to CFIUS adopting a more proactive posture to prevent investments that could introduce cyber threats. The heightened CFIUS vigilance serves to protect national security interests but may also result in a reduction of foreign capital inflows.
Companies whose foreign investments have been cleared by CFIUS with a National Security Agreement in place may see increased oversight and monitoring of their compliance, with a focus on incident detection and response.
Special consideration should be given to investments needing enhanced security measures, controls, and infrastructure due to Salt Typhoon. It is critical to manage a range of measures covering appropriate data protection, vulnerability assessments, incident response planning, and the implementation of controls that help safeguard operations against Salt Typhoon or similar threats. The Salt Typhoon attack requires companies to make strategic adjustments to adapt to the security environment.