Salt Typhoon, a hacking group tied to China's Ministry of State Security, spent years quietly burrowing into American telecommunications networks (AT&T, Verizon, and at least seven others) to access court-authorized wiretap systems. Now it has reached the FBI itself. On April 1, 2026, the FBI classified a breach of its Digital Collection System Network as a 'major incident' — the most serious cybersecurity designation available under federal law.
The attackers entered through a vendor's internet service provider, using a supply chain route to bypass the FBI's perimeter defenses. They accessed metadata showing phone numbers under surveillance, personal details of investigation subjects, and legal process returns gathered under court orders. Analysts detected the breach on February 17 through abnormal log activity, though what was taken remains under investigation; Congress was notified in early March.
It's the first time since at least 2020 the bureau classified its own systems with that designation. The intrusion means China's intelligence apparatus may now know not just who American law enforcement is watching, but how.