Salt Typhoon, a Chinese state-backed hacking group, has been linked to cyberattacks in more than 80 countries. U.S. authorities say the campaign, active since 2019, compromised global telecom networks—breaching over one million call records and sensitive communications, including those of more than 100 Americans. Dutch intelligence has now confirmed that the same group also carried out cyberattacks against organisations in the Netherlands.

TL;DR

• Salt Typhoon, a Chinese state-backed hacking group, has targeted more than 80 countries.
• The campaign breached over one million call records, including sensitive U.S. communications.
• Dutch intelligence confirmed the group also attacked local ISPs and hosting providers.
• Officials warn Chinese cyber operations are becoming highly sophisticated and harder to defend against.

Key Takeaways

• Global reach: Salt Typhoon’s operations extend well beyond the U.S., touching Europe and over 80 nations.
• Local impact: Dutch ISPs and hosting providers were breached, though internal networks were not compromised.
• Growing sophistication: Authorities warn China’s cyber methods require constant vigilance.
• Resilience challenge: Risk can be reduced, but not eliminated, which tests national security.

On August 28, the Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) issued a joint statement. They confirmed they had independently verified U.S. findings that Salt Typhoon was behind espionage campaigns.

The U.S. had already linked Salt Typhoon to one of the most extensive telecom hacks in recent history. That operation accessed call records and communications of more than one million users worldwide, highlighting the scale and ambition of the campaign.

Impact in the Netherlands

The Netherlands was not a primary target, but Dutch agencies confirmed several organizations were affected. Hackers infiltrated routers belonging to smaller internet service providers and hosting companies.

Fortunately, investigators found no evidence that the attackers moved deeper into the companies’ networks. Still, the breaches show that even secondary providers in critical infrastructure remain on the radar of state-backed groups.

Response from Authorities

MIVD –Militaire Inlichtingen- en Veiligheidsdienst (Military Intelligence and Security Service of the Netherlands) and AIVD-Algemene Inlichtingen- en Veiligheidsdienst (General Intelligence and Security Service of the Netherlands) worked with the Dutch National Cyber Security Centre (NCSC) to alert affected companies and share intelligence with other stakeholders.

In their warning, officials said: “Chinese cyber operations have become so advanced that constant vigilance and proactive measures are required to detect and mitigate threats against Dutch interests.”

They added that while risks can be reduced, they “cannot be entirely eliminated, posing a significant challenge to the Netherlands’ cyber resilience.”

The Salt Typhoon campaign highlights how Chinese cyber operations are not confined to one region. With victims spread across more than 80 countries, the group demonstrates global intent.

For the Netherlands, the breaches serve as a reminder that even smaller infrastructure providers are attractive targets. Attackers often exploit overlooked entry points, such as routers at ISPs, to gain potential leverage.

For governments and businesses, the message is clear: cyber threats are expanding in scope, and resilience requires continuous monitoring, collaboration, and investment in defense.

Quick FAQs

Who is Salt Typhoon?
Salt Typhoon is a Chinese state-backed hacking group linked to espionage campaigns against telecom networks in over 80 countries.

What did they target in the Netherlands?
They accessed routers of smaller ISPs and hosting companies, but no evidence shows deeper breaches.

How big was the global campaign?
The campaign compromised more than one million call records and sensitive communications, including those of over 100 Americans.

How are Dutch authorities responding?
MIVD, AIVD, and the NCSC are coordinating intelligence-sharing and advising organisations on defense measures.