Europe's telecoms sector under increased threat from cyber spies, warns Denmark

Denmark’s cybersecurity agency published a threat assessment on Thursday warning of an increase in state-sponsored cyber espionage activities targeting the telecommunications sector in Europe.

It is the first public warning by a European government agency that suggests governments on the continent share the alarm of the United States over a Chinese spying campaign tracked as Salt Typhoon, although the Danish authorities did not explicitly mention Salt Typhoon or China.

There has not yet been confirmation of Salt Typhoon activity in Europe from European governments or businesses, but a senior U.S. official told journalists last year that European targets had been compromised by the Chinese campaign. 

U.S. and European sources who spoke to Recorded Future News have said that cybersecurity agencies on the continent lack the technical attribution capabilities of their counterparts in the United States, and that their governments may also lack the political incentives to make a public attribution even if China is identified as responsible.

Announcing that it was raising the threat level to “high,” the Danish cybersecurity agency said “there have been several attempts at cyber espionage against the European telecommunications sector in the past few years” due to “increased interest in the telecommunications sector in Europe by state hackers.”

The Salt Typhoon campaign first came to light in the U.S. after the hackers intercepted the correspondence of senior officials within both 2024 presidential campaigns, including Donald Trump and JD Vance. Cybersecurity firm Trend Micro has also identified the Salt Typhoon campaign targeting telecommunications companies in Southeast Asia.

Denmark’s threat assessment said “foreign states hope to gain access to large amounts of data about customers' use of the providers' infrastructure by spying on telecom and internet service providers” which “can be used, among other things, to monitor the communication and travel activities of individuals or groups of people, as well as to carry out other forms of espionage.”

Canadian intelligence warned earlier this month that China was acquiring “billions of data points on democratic politicians, public figures, and citizens around the world.”

That warning followed the U.S. announcing dozens of criminal charges against hackers employed by the Chinese government. The charges detailed the data brokerage ecosystem in the country where commercial cyber intrusion groups sell access to target networks and pilfered material to China’s intelligence services.

The French cybersecurity agency ANSSI said in its annual report that it had, over the past two years, “dealt with several incidents affecting entities in the telecommunications sector in France for espionage purposes,” although it did not attribute these domestic incidents to any specific actors and did not issue an alert as the Danish have.

The incidents in France included one in which likely state-sponsored hackers compromised the core network of a telecom operator, said ANSSI. The agency’s director Vincent Streubel told Le Monde that this incident was not a Salt Typhoon attack.