A Chinese state-backed hacking group that was discovered in telecom operators and other communications systems is likely holding onto pilfered data “in perpetuity” for future theft and cyber exploitation, a top FBI official said Thursday.
That quote refers to the PRC-linked telecom intrusion campaign commonly tracked as “Salt Typhoon,” in which attackers gained access to telecom/communications environments and could collect high-value data (for example: call-detail records/metadata, some communications content in certain cases, and data related to lawful-intercept systems).
When an FBI official says stolen data may be held “in perpetuity,” the practical takeaway is: even if the attacker is eventually removed from a network, anything already copied can be stored indefinitely and later re-used for follow-on activity (target profiling, social engineering, identity fraud, and longer-term intelligence exploitation). This is one reason telecom compromises are treated differently than a typical “malware on my PC” incident.
What you can do as an individual (practical risk reduction)
Prefer end-to-end encrypted (E2EE) messaging and calls for sensitive communications (apps like Signal are a common recommendation from U.S. government guidance in response to these telecom intrusions).
Avoid SMS for MFA when possible (SMS can be intercepted/abused). Use an authenticator app or, ideally, phishing-resistant MFA (FIDO2/security keys) for important accounts.
Add a carrier/account PIN (and port-out/SIM-swap protections if your carrier supports them) to reduce the chance of number takeover.
Be more skeptical of “targeted” texts/calls (smishing/vishing) that use personal details or timing that “feels too accurate” (that can be a sign of harvested metadata being weaponized later).
Keep devices updated, but note: patching your phone/PC is good hygiene; it does not “fix” telecom-side interception risk by itself.
What telecoms / network defenders are being told to do
CISA/FBI/NSA and international partners published hardening/visibility guidance aimed at communications infrastructure defenders (things like improving monitoring/visibility, isolating management planes, disabling legacy/unused services, tightening ACLs, and patching exposed devices/services).
Breaking into the castle, stealing the blueprints, and storing them as relics sounds unsettling. Driving them out does little if they already have the map: the real defense lies in redesigning the terrain so their chests end up filled with useless pieces. And in that redesign, it’s not only about walls and locks; it also helps to send letters that burn themselves after being read (messages that vanish), so even if someone steals them, they can’t keep them as eternal treasures.