U.S. to Sanction Chinese Tech Firm and Charge Three Hackers in Telecom Breach, Officials Say

Coordinated Action Set for April 6

The United States will impose sanctions on a Chinese technology company and unseal criminal charges against three of its employees for a long-running cyber intrusion into American telecommunications networks, according to four U.S. officials familiar with the matter. The coordinated announcement, scheduled for April 6, represents the most significant public attribution of a Chinese state-sponsored hacking operation since the 2020 indictment of PLA officers for the Equifax breach, the officials said.

The Treasury Department's Office of Foreign Assets Control is preparing to add Sichuan Jiusan Network Technology Co., a Chengdu-based firm, to its sanctions list, two officials said. The company, which lists network security services among its commercial offerings, has served as a front for operations by the Ministry of State Security, according to a classified National Security Agency assessment dated March 27 that was circulated to the White House and relevant agencies. The sanctions will freeze any U.S. assets held by the company and prohibit American persons from conducting business with it.

Separately, the Justice Department has filed a sealed indictment in the U.S. District Court for the Eastern District of New York in Brooklyn naming three Chinese nationals as defendants, a senior official involved in the matter said. The charges include conspiracy to commit computer fraud, wire fraud, and aggravated identity theft. The defendants are not in U.S. custody and are believed to be in China, the official said.

A principals committee meeting at the White House on April 1 at 3 p.m. approved the final timing of the announcement, according to two officials briefed on the session. The meeting included senior representatives from the Justice Department, Treasury, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence.

Scope of the Telecom Compromise

The intrusion targeted core network equipment at multiple U.S. telecommunications providers and allowed the hackers to intercept metadata and, in some cases, content from calls and messages associated with high-value targets, three officials said. The compromise was first detected by a major carrier in late 2024 and was later linked to a campaign that security researchers have tracked under the name Salt Typhoon.

The classified NSA assessment concluded that Sichuan Jiusan Network Technology provided infrastructure, malware development, and operational support to the hackers, according to two officials who read portions of the document. The assessment identified specific internet addresses, payment accounts, and travel records that the U.S. government plans to cite in its public attribution, the officials said.

Treasury officials estimate that U.S. carriers and government agencies have spent roughly $230 million on remediation, network segmentation, and enhanced monitoring since the compromise was discovered, according to a congressional aide briefed on the figure. The cost is expected to rise as additional providers complete security overhauls of their core routing and signaling systems.

The hackers gained access through a combination of credential theft and exploitation of unpatched edge devices, according to a CISA alert drafted in preparation for the public rollout. The alert, which officials expect to release alongside the sanctions and indictment, names specific software versions and configuration weaknesses that other carriers should address.

International Coordination and What to Watch

The Trump administration, as the 2026 midterm elections approach, has pressed allied governments to issue parallel statements or take complementary actions against Chinese cyber operations, two senior diplomats said. Britain, Australia, Canada, and New Zealand are expected to issue advisories identifying the same group and infrastructure within 48 hours of the U.S. announcement, the diplomats said. Japan and South Korea have been briefed but have not decided whether to join the public attribution, one diplomat added.

The announcement will also include a rewards offer through the State Department's Transnational Organized Crime Rewards Program for information leading to the arrest or conviction of the three defendants, a Justice Department official with knowledge of the filing said. The reward amounts have not been finalized but are expected to total up to $10 million.

Officials said they expect the Chinese government to deny the allegations and to retaliate through diplomatic protests and possible counter-sanctions against U.S. cybersecurity firms. The Chinese Embassy in Washington did not respond to a request for comment placed Thursday evening.

In the next 72 hours, watch for three developments: the unsealing of the indictment in Brooklyn, the publication of Treasury sanctions designations, and a joint cybersecurity advisory from CISA, the FBI, and the NSA. Congressional aides said the Senate Select Committee on Intelligence has requested a closed briefing for the week of April 13, and the House Permanent Select Committee on Intelligence is expected to hold a similar session.

The action also raises immediate questions for U.S. carriers and their suppliers. Industry executives are bracing for new federal mandates on network segmentation and supply-chain auditing, according to two defense contractors present at a March 31 briefing at Fort Meade, Maryland. The Federal Communications Commission is expected to open a proceeding on the issue later in April, one contractor said.