Chinese Hacking Group “Salt Typhoon” Breaches U.S. Congressional Email Systems in Major Cyber Espionage Operation

By: Juba Global News Network | JubaGlobal.com
January 8, 2026
A sophisticated Chinese state-sponsored hacking group known as “Salt Typhoon” has successfully infiltrated email accounts belonging to staffers on several key U.S. House of Representatives committees, according to multiple intelligence sources and a classified briefing delivered to congressional leaders on January 7, 2026. The breach, described by cybersecurity experts as one of the most serious incursions into legislative branch systems in years, targeted committees handling China policy, foreign affairs, homeland security, and intelligence oversight.
U.S. officials confirmed that the compromised accounts included senior aides and policy staff on the House Select Committee on the Chinese Communist Party, the House Foreign Affairs Committee, the House Homeland Security Committee, and subcommittees with jurisdiction over intelligence matters. While no evidence has emerged that members of Congress themselves were directly targeted, the accessed emails reportedly contained sensitive communications about U.S. policy toward Taiwan, sanctions strategy, technology export controls, and internal deliberations on countering Chinese influence operations.
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent joint advisory late Tuesday, attributing the campaign with “high confidence” to Salt Typhoon—a hacking collective linked to China’s Ministry of State Security (MSS). Previously known for targeting critical infrastructure sectors under the “Volt Typhoon” umbrella, Salt Typhoon has shifted focus toward political and policy institutions in what analysts describe as a strategic pivot toward intelligence collection ahead of anticipated escalations in U.S.-China tensions.
Scope and Timeline of the Breach
The intrusion is believed to have begun as early as mid-2025, with attackers exploiting vulnerabilities in Microsoft Exchange servers used by congressional staff. Once inside, the group deployed custom malware to maintain persistent access, exfiltrate emails, and move laterally across networks. Sources familiar with the investigation say the hackers prioritized communications involving upcoming legislation on semiconductor supply chains, rare earth minerals, and potential sanctions related to Chinese activities in the South China Sea and Arctic.
House Speaker Mike Johnson, in a closed-door session with committee chairs, described the breach as “deeply alarming” and vowed enhanced cybersecurity measures across the legislative branch. The affected committees have initiated mandatory password resets, two-factor authentication upgrades, and forensic reviews of potentially compromised data.
White House officials, while declining to comment on specific intelligence matters, reiterated the administration’s stance that Chinese cyber aggression represents an ongoing national security threat. Secretary of State Marco Rubio, speaking to reporters after a separate briefing on Arctic policy, called the incident “yet another example of the CCP’s relentless campaign to steal American secrets and undermine our democratic institutions.”
Broader Context: Escalating U.S.-China Cyber Conflict
The Salt Typhoon operation comes amid a surge in Chinese-linked cyberattacks on U.S. targets. In 2025 alone, Volt Typhoon affiliates disrupted power grids in the Pacific Northwest (briefly causing outages in three states), infiltrated telecommunications networks, and probed water treatment facilities. The shift toward congressional targets suggests Beijing is seeking granular insight into U.S. legislative priorities as the Trump administration pursues aggressive policies on trade, technology decoupling, and strategic resource competition—including recent moves regarding Greenland’s rare earth deposits.
Cybersecurity firm Mandiant, which assisted in the initial detection, noted that Salt Typhoon employs advanced “living off the land” techniques—using legitimate system tools to blend in with normal network activity—making detection extraordinarily difficult. The group’s tactics mirror those used in previous breaches of U.S. think tanks, defense contractors, and federal agencies.
Political and Diplomatic Fallout
The timing of the revelation—coming just days after the administration’s dramatic actions in Venezuela and Greenland—has amplified partisan reactions on Capitol Hill. Members of the House Select Committee on China, led by Chairman John Moolenaar (R-MI), called for immediate hearings and potential new sanctions. “This is not just espionage,” Moolenaar said in a statement. “It’s an act of war in the digital domain.”
Democratic leaders, while condemning the breach, urged caution against politicizing intelligence findings. Ranking members emphasized the need for bipartisan cooperation on cybersecurity funding, noting that congressional systems have historically lagged behind executive branch protections.
China’s Ministry of Foreign Affairs rejected the allegations as “groundless” and “slanderous,” accusing the United States of hypocrisy given its own global surveillance programs. Spokesperson Lin Jian suggested the claims were designed to “stoke confrontation” and distract from domestic issues.
Implications for U.S. Policy and Security
Experts warn that the breach could provide Beijing with real-time visibility into congressional deliberations, potentially allowing China to anticipate and counter U.S. legislative moves on everything from TikTok bans to defense authorizations. More broadly, it underscores the asymmetric nature of U.S.-China cyber competition: while American offensive capabilities remain formidable, defensive gaps in non-executive institutions persist.
The incident is likely to accelerate calls for comprehensive cybersecurity reform across government branches. Proposals under discussion include mandating zero-trust architecture for congressional networks, expanding threat-sharing with private sector partners, and increasing funding for the Capitol’s Office of Cybersecurity.
As investigations continue, the Salt Typhoon breach serves as a stark reminder of the deepening digital front in great-power rivalry. With U.S.-China relations already strained over trade, technology, and territorial ambitions, this latest cyber escalation threatens to further erode trust and complicate diplomatic engagement.
