What happened
A Chinese Salt Typhoon campaign compromised email systems used by staff on multiple U.S. Congress committees, including the House China Committee and the foreign affairs, intelligence, and armed services committees. The espionage operation, attributed to China’s Ministry of State Security, involved unauthorized access to unencrypted email platforms, text, and voicemail systems used by congressional staff members. The breach was identified in December 2025 and represents an expansion of Salt Typhoon’s cyber espionage targeting of U.S. communications networks. While details of the exact intrusion vector are limited, the campaign continues longstanding efforts to infiltrate and monitor high-value political and policy-related communications. China’s government has publicly denied involvement, calling allegations “politically motivated disinformation.”
Who is affected
Staffers and officials associated with key U.S. House committees have had direct exposure to compromised communications; legislative operations and connected federal network systems face indirect intelligence risk.
Why CISOs should care
This incident highlights the strategic threat posed by advanced persistent state-sponsored actors targeting government communications, underscoring risks to confidentiality, national security, and inter-agency coordination.
3 practical actions
Review and harden email systems: Ensure secure configuration and monitoring of government and enterprise email infrastructure.
Enforce strong encryption: Mandate end-to-end encryption for sensitive communications.
Enhance threat monitoring: Deploy advanced intrusion detection and anomaly tracking on staff accounts and network logs.
