SPIES from China are understood to have hacked the mobile phones of senior officials in Downing Street for several years.
Aides close to Boris Johnson, Liz Truss and Rishi Sunak were targeted for three years, between 2021 and 2024, when all three served as Prime Ministers, before the operation was exposed.
Chinese President Xi Jinping addresses the Party School of the CPC Central CommitteeCredit: Alamy
Ministers have vowed to protect British democracy in the face of cyber attacks by the ChineseCredit: Getty
One source said the breach went “right into the heart of Downing Street” – but it is still unconfirmed if the Conservative leaders themselves were ever compromised.
Intelligence sources in the US indicated to The Telegraph that the attack, codenamed Salt Typhoon, was still ongoing.
This means that Sir Keir Starmer and his senior staff may also be exposed to the infiltration, allowing a free-flowing leak of sensitive text messages, calls or important geolocation data straight to President Xi Jinping.
MI5 only issued an “espionage alert” to Parliament in November about the threat of spying from China.
Alicia Kearns, a shadow minister for national security, warned: “How much more evidence does this Government need before it ends its simpering to Xi and stands tall as the great country we are and defends us?
“Labour is rewarding hostile acts against our state.”
Kearns herself was one of the alleged targets of the Westminster spy case, in which two men were charged with passing sensitive intelligence from Parliament to the Chinese government
It comes as the Prime Minister is leaving for the Republic this week, which would be the first such trip since 2018.
James Kynge, China expert at Chatham House, told The Sun that Starmer’s priority is to advance British business interests – but that he will have to “walk a tight rope”.
“The difficulty for him will be to walk the tight rope between annoying the Chinese and annoying President Trump,” he explained.
“Starmer will have to say nice things to China, the sort of things they want to hear, but he’ll have to avoid provoking Trump.
“It is a balancing act, but one that has real consequences if Starmer fails, so it will be the biggest challenge for him.”
Earlier this month, The Sun revealed that Beijing has built a powerful spy agency of skilled hackers conducting digital espionage and infiltrating critical infrastructure.
The UK and the United States have accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
They are not alone too. In November, Australia’s spy chief said hackers linked to the Chinese government and military are targeting critical infrastructure.
He warned of “unprecedented levels of espionage”.
A number of high-profile attacks are suspected to have been orchestrated by the notorious Salt Typhoon group – a hacking army operating out of China, believed to be run by the very top levels of government.
Their cyber-espionage has been active since at least 2020 – with a massive escalation in activity in 2023, 2024 and continuing through 2025.
The hackers have been behind some of the biggest – and most highly sophisticated – cyber attacks targeting Western countries, including the worst hack in US history.
In 2024, US officials said Salt Typhoon hackers targeted the telecom data of top US politicians – including those of Donald Trump, and .
Hackers had accessed the systems of nine American telecoms companies – revealing calls, texts, IP addresses and phone numbers from more than a million users.
Much of the data accessed belonged to “government targets of interest“, former deputy national security adviser Anne Neuberger said at the time.
Leading cybersecurity expert Will Geddes warned: “All these attacks have been traced to companies and individuals that are known to have links with the intelligence agencies within China.”
Identified as a dangerous threat operating on behalf of China’s Ministry of State Security, Geddes revealed that access to critical infrastructure is a “strategic prize” for hostile nations like China.
Gaining such sensitive information could cause widespread chaos in the West – providing China with near real-time visibility into communications.
Hackers could cause “infrastructure halts” or communication blackouts in targeted areas during a conflict – plunging enemies into darkness.
“Why this matters to all of us, and not just those government agencies, is that access to carrier infrastructure is a strategic prize,” Geddes said.
Sir Keir Starmer attends a Cabinet meeting at Downing Street ahead of his trip to BeijingCredit: Reuters
GCHQ said the hackers, with links to different Chinese cybersecurity companies, infiltrated governments, telecoms, transport and military infrastructure in the last four yearsCredit: Getty
“It can provide near real-time visibility into communications, historical metadata, location information and, in targeted cases, intercepted content.
“That gives a state actor a powerful tool for not only counterintelligence, but political, strategic targeting, and long-term intelligence collection.
“They can also use this information to disrupt networks, and confuse networks, which, as a hostile state actor, could be hugely, hugely beneficial to them if used in conjunction with other means and other methods of attack to a particular country.”
West in crosshairs
Last year, British intelligence authorities for the first time revealed that Chinese state-sponsored hackers were found inside the country’s critical national infrastructure.
GCHQ said the hackers, with links to different Chinese cybersecurity companies, infiltrated governments, telecoms, transport and military infrastructure in the last four years.
Mike Burgess, Australian Security Intelligence Organisation (ASIO) Director-General of Security, accused China of carrying out cyber attacksCredit: Reuters
US officials said the group have infiltrated more than 200 targets in more than 80 countries – and may have stolen information from nearly every American.
In April last year, the FBI announced a $10million bounty for information on individuals associated with Salt Typhoon.
According to a report by the New York Times, intel chiefs believe it is evidence that China’s capabilities rival those of the United States and its allies.
Mike Burgess, head of the Australian Security Intelligence Organisation (Asio), said authoritarian regimes like China were now more willing to “disrupt and destroy”.
Major cyberattacks linked to China
Ministry of Defence Payroll Hack (2024): Suspected Chinese attack exposing personal/financial data of 270,000 UK armed forces personnel.
Salt Typhoon (2023–Present): Compromised US and UK telecommunications specifically to track high-value individuals and infiltrate lawful wiretap systems.
UK Electoral Commission (2021–2022): Breached UK voter databases, accessing the personal data of 40 million Britons.
APT31 Campaign (2021): Targeted the email accounts of British Members of Parliament (MPs) who were critical of China.
Volt Typhoon (2021–Present): Infiltrated US and UK critical infrastructure (energy, water, transport) to pre-position for future disruptive attacks.
Microsoft Exchange / HAFNIUM (2021): Mass exploitation of email servers affecting 30,000+ organizations globally, including many in the UK.
Equifax Breach (2017): Military hackers stole personal financial data of nearly 150 million Americans.
OPM Hack (2015): Stole sensitive security clearance files of 22 million US federal employees.
Operation Cloud Hopper (2014–2018): Compromised global IT service providers (MSPs) to steal widespread intellectual property from Western companies.
Geddes explained that Beijing has been masterminding all these cyber operations against Western countries to target critical infrastructure for digital espionage.
“Their main objective is counterintelligence,” he added.
Cybersecurity companies in the West believe Salt Typhoon hackers target the servers and routers of major telecommunications and internet companies – as well as critical national infrastructure.
Experts say they exploit known vulnerabilities in firewalls, routers, and VPN products.
And by infiltrating sensitive infrastructure, they can gather vast amounts of user data – ranging from personal messages to top state secrets.
Crucially, accessing critical infrastructure would allow rogue actors to shut down power, water and other assets.
Operating in the shadows
However, the Chinese government very cleverly does not engage directly in these counterattacks – leaving little to no digital footprint that could be traced back to Beijing.
Proxy groups and fake companies are ordered to carry out sophisticated operations so that they are not traced back to the Chinese state – hiding behind a complex web of teams, Geddes explained.
He said: “They will not necessarily originate these attacks out of their own buildings, but through proxies, through entities and companies, which will allow them to present what we would call plausible deniability.”
Geddes said the sophistication of these attacks makes them very hard not to be perceived as state-driven operations by rogue nations.
“In terms of the targets, there have been some commercial and private entities,” he said.
“But the vast majority have been government entities, and again, going through those internet service providers.
Director General of MI5 Sir Ken McCallum said the UK needs to defend itself against China
“One of the biggest concerns about these attacks is not only that they have targeted multiple agencies and government departments, but many of the United States’ largest telecoms and ISP providers.”
Former Tory leader Iain Duncan Smith previously told The Sun that such cyber attacks are just the tip of the iceberg – with Beijing waging a colossal cyber war on the West.
He said: “This is China – the second largest economy in the world, the second largest military. It plans to take over America.
“They are very significant players now. They want to make sure the world is run in their way of thinking.
“If they can confuse us, make us unsure, disinform us, create division, then that plays well to their plans. China is working constantly to undermine us. This is the reality of what’s happening.
“This is just the beginning of what is essentially a war.”
Are Western countries prepared?
While awareness of the threat has increased dramatically since 2023, most experts and officials agree that critical infrastructure in the West remains highly vulnerable to Chinese cyber attacks.
They say Western nations are actively trying to counter these attacks, but they face significant challenges that limit their effectiveness.
Geddes highlights that intelligence agencies – specifically the FBI and CISA in the US, and GCHQ in the UK – are working “behind the scenes” to discover and remove the malicious exploits used by Salt Typhoon.
GCHQ previously said that China is the agency’s top priority as it “poses a genuine and increasing cyber-risk to the UK”.
Anne Keast-Butler, the agency’s director, accused Beijing of “working with others to try and reshape the world”.
US and allied intelligence agencies are now actively hunting on critical networks to find and remove Chinese hackers before a conflict begins.
The FBI and international partners have launched operations to identify and remove Chinese malware from networks (networks of infected home routers and cameras) that Chinese hackers use to hide their tracks.
Meanwhile, governments are increasingly forcing private companies in critical sectors to meet stricter cybersecurity standards.
Cybersecurity companies in the West believe Salt Typhoon hackers target the servers and routers of major telecommunications and internet companiesCredit: Getty
Eze Chidiebere Paul
I'm dedicated to creating high-quality content that informs, inspires, and delights. If you have any questions or suggestions, don't hesitate to get in touch. Happy reading!
