Federal authorities have called on telecommunications providers to enhance their network security in light of an extensive hacking campaign allegedly orchestrated by Chinese actors, which has given them access to the private communications of an unspecified number of Americans.

The FBI, alongside the Cybersecurity and Infrastructure Security Agency (CISA), issued recommendations aimed at addressing the ongoing threat as well as preventing similar incidents in the future. Officials who spoke to the media conveyed that the full extent of the attack, including how many U.S. networks are compromised and whether they remain vulnerable, is still unclear.

This joint warning is notable not only for its scope within the United States but also for its collaboration with security agencies from New Zealand, Australia, and Canada—countries that form the Five Eyes intelligence alliance, which also includes the UK.

Known as Salt Typhoon by cybersecurity experts, this extensive cyber espionage campaign surfaced earlier this year when hackers attempted to infiltrate the systems of multiple telecom firms. The intrusion allowed them to harvest metadata regarding numerous customers, such as the timing and recipients of calls and texts.

However, they successfully accessed actual recordings of calls and the content of texts from a smaller subset of individuals, many of whom are believed to be affiliated with governmental or political positions. The FBI has reached out to these specific victims, but it is largely up to telecom companies to inform the broader customer base whose data might have been compromised from the initial, more extensive intrusion.

Months of investigation have yet to reveal the complete scale of China’s operation, including the overall number of victims or whether hackers maintain any lingering access to the affected systems. The FBI has indicated that some of the hacked information pertains to ongoing investigations and legal proceedings, which implies that the hackers might have aimed to breach programs regulated by the Foreign Intelligence Surveillance Act (FISA). This legislation provides vast surveillance powers to U.S. intelligence agencies, particularly against individuals suspected of being foreign agents.

Nevertheless, officials emphasized their belief that the hackers’ motivations were more extensive; they aimed to establish a deep foothold within the American telecommunications infrastructure to obtain a wide array of personal data from U.S. citizens.

The recommendations for telecommunications companies focus primarily on technical safeguards. Officials advocate for enhanced encryption, centralization, and robust monitoring practices to deter future cyber intrusions. If these security measures are adopted, they could disrupt the ongoing Salt Typhoon operation and make it increasingly difficult for adversarial nations to mount similar cyber attacks later on, according to Jeff Greene, CISA’s executive assistant director for cybersecurity.

“We recognize that eliminating these cyber threats isn’t a guarantee that they won’t return,” Greene noted during the briefing.

Recent, high-profile hacking cases have also been attributed to China, amid claims from officials that Beijing is pursuing initiatives to obtain both technological and governmental secrets, not to mention access to vital infrastructure like the electrical grid.

In September, the FBI revealed that it had thwarted a significant Chinese cyber operation that involved the deployment of malware across over 200,000 consumer devices, such as cameras, digital recorders, and both home and office routers. This network of compromised devices was then exploited to create a massive botnet, potentially facilitating further cybercriminal activities.

In October, it was reported that Chinese hackers attempted to breach the communications of then-presidential candidate Donald Trump, his running mate Senator JD Vance, and associates of Democratic candidate Vice President Kamala Harris.

China has denied the allegations of cyberespionage leveled by U.S. officials, and a request for comment left with China’s Washington embassy was not promptly addressed.