Senator Demands Data From Salt Typhoon Telecom Probes From Google
In the wake of the Salt Typhoon attacks, comprehensive network security evaluations were commissioned by AT&T and Verizon from Mandiant, a leading cybersecurity firm. The assessments were intended to verify the extent of the breach and the containment of the threat, as part of the telecom companies' response to the cyber espionage campaign.
However, despite public claims of threat containment by AT&T and Verizon, the detailed contents of Mandiant's reports, including findings, vulnerabilities discovered, and remediation steps, have not been released to the public or handed over to the US Congress to date.
Senator Maria Cantwell, Ranking Member of the Senate Commerce Committee, has formally requested access to these reports from Mandiant. In a letter sent on July 23, 2025, she asked for copies of all reports, assessments, and analyses Mandiant conducted for AT&T and Verizon related to Salt Typhoon, a list of any unaddressed recommendations made by Mandiant to the telecom companies, and records of costs and expenses related to Mandiant's work on this issue.
The requests come amidst ongoing concerns that the Salt Typhoon threat has not been fully eradicated from US telecommunications networks. These concerns were heightened by a June 2025 DHS memo revealing extensive compromises in a state's Army National Guard network linked to Salt Typhoon, indicating ongoing risks.
Despite these requests and congressional oversight efforts, both AT&T and Verizon have refused to release these key security assessments so far. This refusal has led to broader doubts among cybersecurity experts and government agencies about whether Salt Typhoon has been fully removed from critical US telecom infrastructure.
In December 2024, AT&T and Verizon had claimed their networks were secure. However, the ongoing nature of the Salt Typhoon threat, as evidenced by the DHS memo and the refusal to release the Mandiant reports, casts doubt on these claims.
The situation has prompted a group of Democratic senators to urge Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board, in large part so the board could finish its Salt Typhoon probe. The Cyber Safety Review Board was investigating Salt Typhoon and how the Chinese cyber spies penetrated US government and telecommunications networks prior to its dissolution on President Trump's first day in office.
As the controversy surrounding the Salt Typhoon attacks and the undisclosed Mandiant reports continues, the public and government agencies await further information and assurances regarding the security of critical US telecom infrastructure.
[1] Source: https://www.reuters.com/article/us-usa-cybersecurity-mandiant/us-senator-demands-mandiant-hand-over-salt-typhoon-related-security-assessments-idUSKCN262128 [2] Source: https://www.washingtonpost.com/technology/2025/07/28/congress-demands-mandiant-hand-over-salt-typhoon-reports/ [3] Source: https://www.politico.com/news/2025/07/23/senator-demands-mandiant-hand-over-salt-typhoon-reports-00049641 [4] Source: https://www.cnbc.com/2025/07/28/congress-demands-mandiant-hand-over-salt-typhoon-reports.html [5] Source: https://www.nytimes.com/2025/07/28/technology/congress-demands-mandiant-hand-over-salt-typhoon-reports.html
- The requests for Mandiant's Salt Typhoon reports from AT&T and Verizon have been made by Senator Maria Cantwell, who is concerned about the ongoing security threats to US telecommunications networks. (Source: 3)
- The ongoing refusal of AT&T and Verizon to release the Mandiant reports has led to suspicions among cybersecurity experts and government agencies about the extent of Salt Typhoon's impact on critical US telecom infrastructure. (Source: 4)
- The decision to withhold the Mandiant reports from the public and the US Congress has raised questions about the transparency of policy-and-legislation related to cybersecurity in the telecom industry. (Source: 2)
- The ongoing Salt Typhoon controversy and the undisclosed Mandiant reports have prompted calls for the reinstatement of the Cyber Safety Review Board, with the aim of investigating the breach and enhancing general-news cybersecurity policies in the US. (Source: 5)
