Norway’s national security agency has publicly accused a China-linked advanced persistent threat group known as Salt Typhoon of breaching multiple Norwegian companies and critical infrastructure by exploiting vulnerable network devices, a move seen as part of a broader, state-associated cyber espionage campaign that Western officials previously tied to major telecommunications compromises in North America and beyond; Norwegian authorities provided limited technical details but confirmed the intrusions and aligned themselves with mounting global concern over Beijing-linked cyber operations that have pressured telecoms and governments to tighten cybersecurity measures.
Sources
https://techcrunch.com/2026/02/06/chinas-salt-typhoon-hackers-broke-into-norwegian-companies/
https://www.webpronews.com/salt-typhoons-nordic-incursion-how-chinas-most-notorious-cyber-espionage-group-breached-norwegian-companies-and-what-it-signals-for-global-telecom-security/
https://www.abijita.com/chinese-salt-typhoon-hackers-accused-of-breaching-norwegian-companies/
Key Takeaways
• Norway has confirmed that the China-linked Salt Typhoon hacker group successfully breached several organizations in the country by targeting weak network infrastructure.
• Salt Typhoon is widely viewed by Western intelligence as part of an expansive Chinese cyber espionage effort that has previously infiltrated telecommunications firms in the United States and Canada, triggering heightened cybersecurity actions.
• Officials released only limited specifics of the Norwegian breaches, underscoring both the clandestine nature of the operations and the broader strategic challenge presented by state-associated cyber threats.
In-Depth
The Norwegian Police Security Service has taken the notable step of publicly attributing recent cyber intrusions to Salt Typhoon, a hacking collective widely believed by Western governments to operate with the backing or direction of Chinese state intelligence. According to published assessments, this group did not merely probe networks for opportunistic gains but methodically exploited systemic vulnerabilities in routers, VPN concentrators, and other foundational network equipment to install persistent access, a tactic that allows actors to remain inside a victim’s digital infrastructure long after detection. While Norwegian authorities have not released granular technical descriptions of every exploit or affected firm, the admission of compromise itself marks a significant development in Europe’s cybersecurity landscape and confirms that Beijing-linked operations have now extended their footprint into Scandinavian markets.
Salt Typhoon’s activities are not isolated to Norway. For years, cybersecurity researchers and U.S. officials have documented the group’s incursions into North American telecom giants, including notable breaches where routers and core network hardware were manipulated to siphon off communications, metadata, and potentially content tied to high-profile individuals and government wiretapping interfaces. These intrusions prompted major telecommunication companies to overhaul their defenses and spurred regulatory interest in mandating stricter cybersecurity standards for critical infrastructure providers. The group’s modus operandi typically involves leveraging unpatched vulnerabilities in widely deployed networking gear to gain unauthorized access, followed by stealthy lateral movement that evades traditional endpoint detection systems.
The public confirmation by Norway highlights a growing willingness among allied nations to confront and disclose state-linked cyber activity openly rather than handle such incidents through quieter diplomatic channels. It also reflects the challenge of defending against advanced persistent threats that possess both the technical sophistication and strategic support to target critical sectors across borders. For Norwegian firms and infrastructure operators, the disclosure serves as a wake-up call to intensify network hygiene practices, keep firmware and security patches up to date, and assume that foreign adversaries possess both intent and capability to exploit even small configuration gaps. In the broader geopolitical arena, such cyber espionage campaigns underscore how digital domains have become central to national security competition, with state-linked actors willing to breach private and public sector networks to glean intelligence and potentially influence geopolitical outcomes. As Salt Typhoon’s footprint continues to be traced around the globe, Western nations face rising pressure to coordinate defensive measures, share threat intelligence, and construct resilient systems that can withstand sophisticated adversary operations without compromising sensitive communications or strategic infrastructure.