Norwegian Intelligence Discloses Country Hit by Salt Typhoon Campaign
Summary:
In February 2026, the Norwegian Police Security Service (PST) officially disclosed that Norway has been targeted by "Salt Typhoon," a sophisticated Chinese state-sponsored cyber espionage campaign. According to the PST’s annual threat assessment, the attackers successfully compromised network devices across various Norwegian organizations. This disclosure highlights a broader trend in which Chinese intelligence services are increasingly mapping Norwegian digital infrastructure and exploiting vulnerabilities in network hardware to facilitate long-term espionage.
Security Officer Comments:
The impact of these attacks is significant, contributing to what Norwegian officials describe as the most serious security situation for the country since World War II. By infiltrating critical network infrastructure, Salt Typhoon enables the interception of sensitive communications and the potential mapping of vital services.
The PST noted that these operations are part of a systematic effort by China to bolster its own military and security capabilities through the exploitation of collaborative research and the monitoring of Western digital assets. This creates a persistent threat to Norway’s national resilience and the privacy of its high-level political and commercial communications.
The Salt Typhoon attacks in the U.S. were significantly more invasive and targeted than the initial reports from Norway. While the Norwegian disclosure focuses on the compromise of network devices and mapping of infrastructure, the U.S. experience was characterized by deep, long-term infiltration into the core systems of major telecommunications providers.
In the U.S., Salt Typhoon went beyond simple device compromise. They successfully breached at least nine major providers. Most alarmingly, they gained access to lawful intercept systems, the backdoors used by U.S. law enforcement to conduct court-authorized wiretapping. This effectively allowed Chinese intelligence to "wiretap the wiretappers," seeing who the U.S. government was monitoring.
Suggested Corrections:
To mitigate these threats, the PST emphasizes a "vital" need for strengthened protective security and heightened situational awareness across both public and private sectors. Suggested Corrections strategies involve closer cooperation between authorities and operators of critical infrastructure to better detect and block unauthorized access to network devices.
Additionally, the agency advocates for more robust intelligence-sharing and the implementation of stricter security protocols to defend against the hybrid tactics employed by foreign intelligence services, which often combine cyber operations with traditional human intelligence and influence campaigns.
Link(s):
https://therecord.media/norawy-intelligence-discloses-salt-typhoon-attacks
In February 2026, the Norwegian Police Security Service (PST) officially disclosed that Norway has been targeted by "Salt Typhoon," a sophisticated Chinese state-sponsored cyber espionage campaign. According to the PST’s annual threat assessment, the attackers successfully compromised network devices across various Norwegian organizations. This disclosure highlights a broader trend in which Chinese intelligence services are increasingly mapping Norwegian digital infrastructure and exploiting vulnerabilities in network hardware to facilitate long-term espionage.
Security Officer Comments:
The impact of these attacks is significant, contributing to what Norwegian officials describe as the most serious security situation for the country since World War II. By infiltrating critical network infrastructure, Salt Typhoon enables the interception of sensitive communications and the potential mapping of vital services.
The PST noted that these operations are part of a systematic effort by China to bolster its own military and security capabilities through the exploitation of collaborative research and the monitoring of Western digital assets. This creates a persistent threat to Norway’s national resilience and the privacy of its high-level political and commercial communications.
The Salt Typhoon attacks in the U.S. were significantly more invasive and targeted than the initial reports from Norway. While the Norwegian disclosure focuses on the compromise of network devices and mapping of infrastructure, the U.S. experience was characterized by deep, long-term infiltration into the core systems of major telecommunications providers.
In the U.S., Salt Typhoon went beyond simple device compromise. They successfully breached at least nine major providers. Most alarmingly, they gained access to lawful intercept systems, the backdoors used by U.S. law enforcement to conduct court-authorized wiretapping. This effectively allowed Chinese intelligence to "wiretap the wiretappers," seeing who the U.S. government was monitoring.
Suggested Corrections:
To mitigate these threats, the PST emphasizes a "vital" need for strengthened protective security and heightened situational awareness across both public and private sectors. Suggested Corrections strategies involve closer cooperation between authorities and operators of critical infrastructure to better detect and block unauthorized access to network devices.
Additionally, the agency advocates for more robust intelligence-sharing and the implementation of stricter security protocols to defend against the hybrid tactics employed by foreign intelligence services, which often combine cyber operations with traditional human intelligence and influence campaigns.
Link(s):
https://therecord.media/norawy-intelligence-discloses-salt-typhoon-attacks