Chinese Intelligence and U.S. Malware Gang Both Hack the President’s Phone in Unprecedented Dual Cyber Breaches
China carries out “the most significant cyber-espionage campaign in history” targeting high-level U.S. politicians; meanwhile, American hackers obtained an exhaustive database of every AT&T customer.
Several Chinese cyber-espionage groups are to blame for what FBI Director Christopher Wray has called “the most significant cyber-espionage campaign in history” – a massive breach that targeted 9 major U.S. telecom companies, leaving us uncertain if China can ever be evicted from U.S. networks.
The hack exposed over 1 million customers' call records, including high-profile figures like President Trump, Vice President Vance, and the Harris campaign.
The China-backed hackers, including Salt Typhoon, Flax Typhoon, and Volt Typhoon, gained initial access by exploiting a mix of known vulnerabilities and zero-day exploits. They employed sophisticated "living-off-the-land" tactics, allowing them to operate under the radar without detection. (Read more about Salt Typhoon's TTPs here.)
But perhaps the most shocking element of this espionage campaign?
The infiltration of U.S. law enforcement’s wiretap infrastructure. (Read more here.)
Once inside, the hackers shifted their focus to Washington D.C., targeting the phones of President Trump, VP Vance, and several high-profile politicians.
Why is this so critical?
By accessing these telecom networks, China gained a goldmine of intelligence—they now have precise knowledge of who is being monitored and which government operatives are compromised. The consequences? U.S. spies and sensitive personnel may now be at risk of exposure, blackmail, or worse.
Now China knows exactly which of their spies are under surveillance.
In response, the U.S. Treasury Department sanctioned Chinese entities linked with the historic attack on U.S. telecoms
Integrity Tech, associated with Flax Typhoon, responsible for massive botnets and IoT compromises
Yin Kecheng of Shanghai and Sichuan Juxinhe Network Technology Co, affiliated with Salt Typhoon
But what if North American hackers were also involved in both this campaign and an even BIGGER breach?
It’s a question that is as intriguing as it is treasonous.
The U.S. Malware Gang: A Coordinated Attack on Telecom Infrastructure
While China’s breach was a sophisticated and politically-focused operation, an equally troubling story unfolded at the same time. A
The Breach: Hackers, including individuals known as Connor Moucka and John Binns, allegedly infiltrated AT&T systems, stealing highly sensitive data. Among the exposed information? Presidential call logs, including those of President Trump, Vice President Vance, and other high-ranking political figures.
From AT&T alone, the American hackers stole over 50 billion call and text records, affecting more than 100 million customers--essentially, every single AT&T customer.
Ransom and Cover-Up: The hackers demanded $370,000 in ransom, and the Justice Department was forced to delay AT&T's public disclosure due to national security concerns—could this delay have been linked to the sensitive data on political figures?
Among the stolen data were call logs revealing the identities of FBI agents and informants.
In a shocking twist, U.S. Army soldier Cameron Wagenius was arrested in December 2024 after a hacker called kiberphant0m threatened to leak Presidential call logs in retaliation for the arrest of Moucka and Binns.
This revelation hints at potential insider threats within the U.S. military—could this be the work of a mole working with foreign actors?
The Unsettling Overlap: Coincidence or Coordination?
Both attacks targeted the same high-profile political figures—President Trump, Vice President Vance, and other political elites.
Both hackers demonstrated sophisticated knowledge of telecom infrastructure, hinting at insider knowledge or shared techniques.
The timing of these breaches raises the possibility of indirect collaboration—could one group have used the chaos from the other to further their mission?
Both groups have something the other may want–For China, recruiting a member of the U.S. military (specifically, a communication network expert) and a plausible proxy. For the American hackers, China could offer access to advanced malware tools and money laundering networks
2024 ended with some of the most shocking telecom breaches in history, one orchestrated by skilled Chinese state actors and the other by North American cybercriminals.
Espionage Meets Cybercrime: The dual breaches illustrate the increasing complexity of modern cyber threats, where foreign espionage groups and domestic cybercriminals may now be operating in a coordinated fashion, using similar tools and targeting the same individuals.
Intelligence at Risk: Accessing sensitive data, especially U.S. political and military officials’ communications, opens up the possibility of manipulation, blackmail, and espionage—both foreign and domestic.
The Need for Immediate Action: These breaches underscore the urgent need for better security protocols, coordinated international responses, and clearer legislation to address the hybrid nature of modern cyber threats.
This is not good for America! We need our own chips and make sure everything is made in America! This is top priority! We are vulnerable more than ever!
Why do AT&T think maintaining Insecure servers will not lead to them and their customers being exploited?