NSA to Hold Classified Briefings for Media Chiefs on Salt Typhoon Fallout Jan. 14

The National Security Agency will convene classified briefings for senior executives of at least five major U.S. television networks on Jan. 14 to discuss the full extent of the Salt Typhoon cyber intrusions and to propose new ground rules for reporting on classified leak investigations, according to three officials familiar with the plan. The sessions, scheduled for 10 a.m. and 2 p.m. at NSA headquarters in Fort Meade, Maryland, will include representatives from ABC, CBS, CNN, Fox News, and NBC, the officials said.

A fourth official, speaking on condition of anonymity because the briefings have not been announced, said the meeting was added to the calendar on Jan. 9 after a joint NSA and Cyber Command assessment concluded that Chinese state sponsored actors had maintained access to portions of domestic telecommunications networks longer than previously disclosed. The official said the briefings will be held in a secure conference room at Fort Meade and via a Defense Department classified video link for executives unable to travel.

Briefings Set for Fort Meade and Secure Video

The Jan. 14 briefings will open at 10 a.m. Eastern with a presentation by NSA cyber officials and will be repeated at 2 p.m. for a second group of network executives, according to two officials familiar with the schedule. The officials said the agency distributed a three page memorandum, titled Operational Bulletin 26-01, to invited participants on Jan. 10. The bulletin describes the sessions as a voluntary threat awareness briefing and asks attendees not to disclose the meeting's existence until the White House approves a public statement.

Representatives from AT&T, Verizon, and T-Mobile are also expected to participate in portions of the briefing, one official said, because the discussion will cover remediation efforts the carriers are carrying out under a classified $240 million emergency cyber contract awarded by U.S. Cyber Command in late December. The contract covers network forensics and hardware replacements at routing facilities in Virginia, Texas, and California, the official said.

The briefings are not open to reporters. One official said the networks were asked to send only their top news executives, general counsels, and corporate security officers. The officials did not name the individuals invited.

Scope of Breach Drove Decision

The decision to brief media executives followed a Dec. 30 internal assessment from the Office of the Director of National Intelligence that found Salt Typhoon related activity had touched call record metadata associated with journalists, congressional aides, and political campaign staff, two officials said. The assessment, which remains classified, was circulated to the White House Situation Room on Jan. 2 and prompted senior aides to recommend direct outreach to news organizations, one official said.

Chinese state sponsored hackers, linked by U.S. agencies to the Ministry of State Security, have been associated with the Salt Typhoon campaign since at least 2024. The hackers targeted routers and network management systems at multiple telecommunications providers. The new assessment concludes the campaign reached deeper into carrier networks than earlier public advisories indicated, according to the officials.

One official said the briefings will also address a separate concern: a recent uptick in unauthorized disclosures of classified cyber operation details that investigators believe may have originated from congressional staff or contractor personnel. The official said NSA lawyers plan to remind attendees of existing Justice Department guidelines governing the publication of classified material and to outline a new channel through which news organizations can route national security questions without exposing sources.

What News Executives Will Be Asked to Do

During the afternoon session, NSA officials are expected to request that network legal teams sign a one page acknowledgment stating they received the threat briefing, according to one official. The acknowledgment is not a binding nondisclosure agreement, the official said, but it will be kept in agency files and could be cited in any future leak investigation.

The officials said the agency also plans to distribute a classified addendum to an August 2025 Cybersecurity Advisory that named three Chinese technology companies as providers of cyber tools to Beijing's security services. The addendum contains additional technical indicators and asks carriers to begin new threat hunting by Jan. 20.

The White House has not commented on the planned briefings. A Justice Department official with knowledge of the filing said the department is separately reviewing whether any recent news stories based on leaked cyber documents merit referral to a federal prosecutor.

The stakes are high for both the administration and the networks. If the briefings leak before Jan. 14, officials may cancel the in person portion and move to smaller phone briefings, one official said. Watch for a potential statement from the Office of the Director of National Intelligence on Jan. 13, as well as fresh congressional inquiries from the Senate Intelligence Committee, which is scheduled to receive its own closed briefing on Jan. 16. In the next 48 to 72 hours, sources said, the networks must decide whether to accept the terms of attendance and which executives will travel to Maryland.