China’s Salt Typhoon attack against US telecoms has scored another victory, with a ninth telecom reportedly compromised by the attack.

Beijing-backed hacking group Salt Typhoon has managed to orchestrate the “worst telecom hack in” US history, with lawmakers and law enforcement sounding the alarm.

“My hair’s on fire,” said Senator Mark R. Warner, chairman of the Senate Intelligence Committee. He went to say “the American people need to know” the gravity of the situation.

“This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data,” he added.

Senator Warner’s warning that the attack was ongoing has proved to be true. According to AP News, Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, told reporters that Salt Typhoon has managed to compromise a ninth telecom.

US Response to Salt Typhoon

The US has been scrambling to address the hack, although with only limited success to date. The FCC has been exploring new regulations aimed at forcing telecoms to implement stronger security measures.

“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks,” FCC Chair Jessica Rosenworcel said.

Similarly, Brendan Carr—President-elect Donald Trump’s nominee to lead the FCC under the new administration—minced no words about the lapses in security that allowed Salt Typhoon’s hack.

“The Salt Typhoon intrusion is a serious and unacceptable risk to our national security,” Carr wrote on X. “It should never have happened. I will be working with national security agencies through the transition and next year in an effort to root out the threat and secure our networks.”

The FBI and CISA have advised that all individuals rely on secure, end-to-end encrypted (E2EE) messaging platforms, such as Signal and WhatsApp. Although iMessage is E2EE, as is RCS messaging on Android, cross-platform communication between Android and iOS is not secure unless a third-party platform like Signal and WhatsApp is used.

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” said Jeff Greene, an executive assistant director for cybersecurity at CISA.

Given today’s revelation of Salt Typhoon’s ongoing success, users would do well to follow the FBI and CISA’s advice.