Chinese state-backed hackers infiltrated a major American telecommunications company as early as the summer of 2023, corporate investigators have revealed, raising serious concerns about the timeline and scope of China’s cyber-espionage in the U.S.
According to sources familiar with the findings and an unclassified report obtained by Bloomberg, the breach remained undetected for seven months. The compromised systems belonged to IT administrators at the unnamed telecom firm. The attack utilized “Demodex,” a rootkit linked to multiple Chinese state-sponsored hacking groups.
The malware remained in the company’s systems until late winter 2024, giving attackers months of deep, undetected access to critical communications infrastructure. Demodex is specifically designed to avoid detection, making it difficult for cybersecurity teams to assess the full damage.
This breach occurred well before the U.S. government disclosed the high-profile Salt Typhoon cyber campaign, in which Chinese hackers targeted major U.S. telecom providers, including AT&T and Verizon. That campaign included attempts to collect personal data on millions of Americans and gain access to the communications of political figures such as President Donald Trump, JD Vance, and then-Vice President Kamala Harris.
The discovery suggests Chinese cyber operations against U.S. infrastructure were already active far earlier than previously acknowledged, potentially undermining national security and raising alarm among Western intelligence agencies.
In response, the Chinese embassy in Washington accused the U.S. of spreading “disinformation,” with spokesperson Liu Pengyu calling on American officials to “stop using cybersecurity to smear and slander China.”
This latest revelation underscores the growing sophistication and aggression of Chinese cyber threats, particularly in targeting infrastructure critical to national security, such as telecommunications.