What is Salt Typhoon and why is the UK Cracking Down?

The year is 2021 and the stage is set for a raging global hack, later dubbed the worst in US history. 

Major victims include telecommunication giants, with attackers stealing information that enables those responsible to track what their targets say and where they go. 

Among those hit five years ago were AT&T and Verizon. Even more disturbingly, the famed US wiretapping systems were compromised, enabling operators to monitor the communications of high-ranking officials, including US President Donald Trump and Vice President JD Vance. 

The culprits, based in the People's Republic of China, go by monikers such as Operator Panda, RedMike, GhostEmperor, Earth Estries and UNC5807. Crucially, though, they are part of a global espionage campaign called Salt Typhoon, known to be active since at least 2020. 

This cocktail of global espionage fed Chinese Intelligence Services by targeting governments, telecommunications, transportation and military infrastructure on a global scale. 

Incoming UK Sanctions on two Salt Typhoon Companies

Having identified the Chinese companies supposedly behind this cyber onslaught, the UK Government has now imposed sanctions.

It follows the publication of a Joint Cybersecurity Advisory Report titled Countering Chinese State-Sponsored Actors: Compromise of Networks Worldwide to Feed Global Espionage System. The report was authored by an international coalition of agencies including the US Federal Bureau of Investigation, the UK’s National Cyber Security Centre and Germany’s Federal Intelligence Service.

First to be sanctioned is Sichuan Anxun Information Technology Co Ltd, better known as i-Soon. The company is accused of targeting more than 80 government and private sector systems worldwide while supporting other threat actors in carrying out malicious cyber activity.

Integrity Technology Group Incorporated, also known as Integrity Tech, has also been sanctioned by the UK for controlling covert cyber networks and technically supporting other cyber attackers. 

The UK’s own public sector IT systems have fallen victim to Integrity Tech’s operations.

UK Foreign Secretary Yvette Cooper described the sanctioned companies as undertaking “vast and indiscriminate cyber activities against the UK and its allies". 

Early in 2025, the US also sanctioned Integrity Tech for its involvement in malicious cyber campaigns.

UK-China cybersecurity relations 

While the investigation did not show evidence of any zero day vulnerabilities being used, it revealed a consistent pattern of Salt Typhoon threat actors relying on CVEs (common vulnerabilities and exposures).

The advisory report describes in detail the methods used by malicious actors to achieve initial access and to then maintain persistence. 

The report has, unsurprisingly, been poorly received by the Chinese Government, which denounced the sanctions and claimed it was, in fact, the biggest victim of cyber attacks.

China’s Foreign Ministry spokesperson Guo Jiakun said the nations "stands against hacking and fights such activities in accordance with the law". 

Calling on the UK to "correct its wrongdoing," he added: "We firmly oppose spreading disinformation out of political agenda. China strongly deplores and firmly rejects the UK’s political manipulation under the pretext of cybersecurity."

The exchange highlights the formation of a diplomatic fault line between Beijing and London when it comes to cybersecurity.