Other
Salt Typhoon AT&T / Verizon / Lumen Telecom Espionage (Confirmed)
Incident Details
Salt Typhoon (China MSS) breached at least 9 US telecom carriers including AT&T, Verizon, T-Mobile, Lumen, Spectrum, Consolidated Communications, and Windstream. The intrusion was active for 1-2 years before its discovery in September 2024. Attackers accessed CALEA wiretap systems, obtaining a near-complete list of US law enforcement wiretap targets, a major counterintelligence failure. Call metadata for 1M+ users (mostly DC metro area) was accessed. Audio calls of high-profile targets (Trump, Vance, Harris campaign staff) were recorded. AT&T and Verizon confirmed the breach in December 2024. Described as the ‘worst telecom hack in US history.’ Note: this entry covers the three confirmed US telcos; see separate entry for the broader Salt Typhoon critical infrastructure campaign.
Technical Details
- Initial Attack Vector: Chinese MSS-linked Salt Typhoon APT exploited vulnerabilities in telecom network infrastructure, including Cisco routers; leveraged CALEA wiretap backdoor access and a Windows kernel-mode rootkit (Demodex) for persistence
- Vendor / Product: Cisco IOS routers; CALEA lawful intercept systems
- Malware Family: Demodex (kernel-mode rootkit)
Timeline
- 2023-01-01 Breach occurred
- 2024-10-06 Publicly disclosed
- 2025-01-01 Customers notified