Cyber Threat Actor: Salt Typhoon

Salt Typhoon is a threat actor known by that alias. The actor’s location has been identified as China. No other names or aliases are publicly referenced in the available material. The group is referred to exclusively as Salt Typhoon in the cited reporting.

In a publicly reported operation dated December 1, 2025, Salt Typhoon compromised email accounts belonging to staff members of several United States House committees. The affected committees included those focused on China, foreign affairs, intelligence, and armed services. The intrusion was detected by investigators who observed unauthorized access to the accounts. It remains uncertain whether the personal email accounts of any lawmakers were accessed during the incident.

The actor’s location in China is the only geographic detail that has been confirmed. Chinese officials publicly denied involvement when questioned about the incident. United States authorities, including the Federal Bureau of Investigation and the White House, have not issued public comments on the compromise. No explicit linkage to a state sponsor or criminal consortium is presented in the source material.

The December 2025 email compromise represents a notable campaign that has been attributed to Salt Typhoon in open sources. This operation illustrates the actor’s interest in targeting U.S. legislative entities. Details regarding malware families, initial access vectors, or specific tools used in the intrusion are not disclosed in the reporting. Consequently, the profile is limited to the confirmed facts of the actor’s alias, location, and the described incident.