Salt Typhoon Hacked Downing Street Mobile Phones for Years, Exposing Senior UK Government Communications

Chinese state-sponsored hackers compromised mobile phones of senior Downing Street officials for several years, exposing private communications of some of the closest aides to three British prime ministers, according to a report by The Telegraph.

The espionage operation, attributed to the Beijing-linked threat group Salt Typhoon, targeted phones of senior government members between 2021 and 2024. Sources with knowledge of the breach said it went "right into the heart of Downing Street," though it remains unclear whether the mobile phones of Prime Ministers Boris Johnson, Liz Truss, or Rishi Sunak were directly compromised.

US intelligence sources indicated the Salt Typhoon operation is ongoing, raising the possibility that current Prime Minister Sir Keir Starmer and his senior staff may also have been exposed.

Global Telecommunications Espionage Campaign

The Downing Street compromise formed part of a global espionage operation by Beijing that targeted multiple countries including the United States and the other Four Eyes intelligence alliance members: Australia, Canada, and New Zealand.

The breaches date back to at least 2021 but were only discovered by intelligence agencies in 2024 when the United States disclosed that hacking groups linked to Beijing had gained access to telecommunications companies worldwide.

Anne Neuberger, who served as US deputy national security adviser, stated the hackers had the ability to "record phone calls at will." A senior US official described the global breach as "one of maybe the more successful campaigns in the history of espionage."

The intrusions gave Chinese intelligence access to phone data of millions of people, enabling officers to eavesdrop on calls, read text messages, and potentially track users' locations. Even without direct call interception, hackers could access metadata revealing who officials were communicating with, how frequently, and geolocation data showing their approximate whereabouts.

Multiple Attack Waves Targeted UK Government

The Telegraph reports there were "many" different hacking attacks on phones of Downing Street staff and across wider government, particularly during Prime Minister Sunak's tenure from 2022 to 2024.

Technology Secretary Peter Kyle acknowledged after taking office that he "became very, very aware that there was a cybersecurity challenge that our country faced that I simply wasn't aware of before becoming secretary of state."

Intelligence sources suggested Britain's telecommunications networks were better protected than those in the United States, citing the 2021 Telecommunications Security Act which introduced new legal duties on telecoms firms to strengthen UK network security. However, the scale of compromise indicates significant exposure nonetheless.

Salt Typhoon Operations Extend Beyond US

While public reporting has focused primarily on US targets, Salt Typhoon's operations have extended into Europe, the Middle East, and Africa, targeting telecommunications firms, government entities, and technology companies.

Yuval Wollman, former Israeli intelligence chief and current president of cybersecurity platform CyberProof, described Salt Typhoon as "one of the most prominent names" in the cyber-espionage world. He confirmed breaches across multiple regions including UK critical infrastructure in 2023 and 2024, with the campaign collecting communications routing and geolocation metadata from government and defense systems.

Dakota Cary from the Atlantic Council's Global China Hub noted that Salt Typhoon has focused on telecommunications firms and network backends to intercept communications between individuals. "We know that China has been interested in getting political intelligence on MPs and decision-making in British politics," he said, referencing the recent Westminster spy case in which two men were charged with passing sensitive intelligence from Parliament to the Chinese government.

FBI Warning on Persistent Access

The FBI issued a public alert last year warning that Chinese state-sponsored cyber threat actors were targeting global networks including telecommunications, government, and military infrastructure.

The stolen data "ultimately can provide Chinese intelligence services with the capability to identify and track their targets' communications and movements around the world," the alert stated, adding that hackers often "maintain persistent, long-term access" to networks.

The advisory was co-signed by intelligence agencies from multiple countries including the UK's National Cyber Security Centre, the public-facing arm of GCHQ. However, the only official UK government confirmation of Salt Typhoon impact has been a vague reference to a "cluster of activity."

By contrast, US officials have been vocal about breach severity, confirming that Chinese hackers targeted Donald Trump, JD Vance, and Kamala Harris during the 2024 presidential election campaign.

Disclosure Timing Raises Questions

The disclosure comes as Prime Minister Starmer departs for China this week, the first visit by a British prime minister since Theresa May in 2018, to secure trade and investment ties with Beijing. The visit follows government approval of plans for a Chinese mega-embassy in London.

Parliament's Intelligence and Security Committee found last month that the "Government has no strategy on China, let alone an effective one" and was "singularly failing to deploy a 'whole-of-state' approach" in responding to the threat.

MI5 issued an "espionage alert" to Parliament in November regarding the threat of Chinese state spying.

China's foreign ministry has dismissed the claims as "baseless" and "lacking evidence." A Chinese embassy spokesman stated China is "a staunch defender of cyber security" and "firmly opposes the practice of politicising cybersecurity issues or accusing other countries without evidence."
