The advisory was sent as a government-wide investigation continues into a breach of US telecommunications infrastructure widely believed to have been carried out by the Chinese government-linked hacking collective known as Salt Typhoon.

In the email, DHS CIO Eric Hysen encouraged DHS employees to prioritize Microsoft Teams for communication when possible and to be cautious about using phone calls and SMS. The advisory follows extensive Chinese infiltration into multiple telecommunications firms involved in court-authorized wiretaps by Salt Typhoon. However, the email did not directly reference Salt Typhoon or its recent activities.

The Wall Street Journal recently reported that the Consumer Financial Protection Bureau's Office of the Chief Information Officer also had advised its staff to avoid using phones for work matters, though the agency clarified it was not affected by the breach.

On Thursday, members of the US Intelligence Community conducted a classified briefing for House oversight committees on the breaches. A briefing for Senate members is expected this week. The Senate Select Committee on Intelligence reportedly has already been receiving frequent updates.

Salt Typhoon, also known by aliases such as Ghost Emperor, Famous Sparrow, and UNC2286, is an advanced persistent threat group attributed to the Chinese government. Active since at least 2020, the group has garnered attention for its focus on cyberespionage, particularly targeting US law enforcement, intelligence agencies, and their supporting telecommunications networks. Salt Typhoon's operations reflect a methodical and long-term approach to intelligence gathering, creating serious implications for national security, especially in terms of law enforcement communications and intelligence community operations.

Salt Typhoon has demonstrated the ability to compromise major US telecommunications providers such as AT&T, Lumen, and Verizon, it has been reported, all of which provide critical infrastructure for government agencies, including systems supporting court-ordered wiretaps. By infiltrating these communications channels, Salt Typhoon can potentially intercept sensitive communications, including wiretaps and calls involving law enforcement investigations and potentially compromising vast amounts of personal and sensitive information. This access could also undermine the confidentiality of ongoing law enforcement, intelligence collection, and counterintelligence operations and investigations and compromise evidence integrity.