


AT&T and Verizon think they have halted the threat that China’s hackers pose to their networks, but the danger facing the telecom sector and its customers is far from finished.
Federal investigators are aware of nine telecommunications companies victimized by China-sponsored hackers, which the Biden administration has identified as Salt Typhoon.
AT&T is among the afflicted telecommunications companies and believes it has made progress in booting the Chinese hackers out of its systems.
“We detect no activity by nation-state actors in our networks at this time,” AT&T spokesman Alex Byers told The Washington Times on Tuesday evening.
Mr. Byers said the company’s ongoing investigation showed, “the People’s Republic of China targeted a small number of individuals of foreign intelligence interest.”
“In the relatively few instances in which an individual’s information was impacted, we have complied with our notification obligations in cooperation with law enforcement,” Mr. Byers said in a statement. “We will continue to work closely with government officials, other telecommunication companies, and third-party experts on the investigation of this nation-state action, and we are monitoring and remediating our networks to protect our customers’ data.”
Verizon, similarly, told The Times it had “contained” a cyber incident, which the company said involved the targeting of a “small number of high-profile customers in government and politics.” Verizon said it notified the affected customers.
Verizon Chief Legal Officer Vandana Venkatesh said Verizon took immediate action upon learning of the hacking to protect its customers and network, and it has worked with federal officials and industry partners.
“We have not detected threat actor activity in the Verizon network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident,” Ms. Venkatesh said in a statement.
The reported targets of the Typhoon hackers include President-elect Donald Trump and Vice President-elect J.D. Vance.
While AT&T and Verizon frame the hackers’ advances as involving a few targeted attacks hitting a small number of VIPs, President Biden’s White House has described China’s hacking goals as far more expansive.
White House Deputy National Security Adviser Anne Neuberger told reporters on Dec. 27 that federal officials did not yet have a good sense of the total damage.
“We believe a large number of individuals were affected by geolocation and metadata of phones — a smaller number around actual collection of phone calls and texts,” Ms. Neuberger said. “And I think the scale we’re talking about is far larger on the geolocation; probably less than 100 on the actual individuals.”
Ms. Neuberger said federal officials concluded that China’s hackers geolocated a large number of people in the Washington, D.C., and Virginia region with the goal of identifying individual espionage targets.
Understanding the intentions and accomplishments of China’s alleged cyberattacks against the telecommunications sector will likely take some time.
Different telecommunications companies are discovering and thwarting different issues from the suspected hackers.
For example, T-Mobile Chief Security Officer Jeff Simon told The Times in December his company was confident that the hackers had not accessed the content of its customers’ calls and texts via T-Mobile’s systems.
Mr. Simon said in an interview that his company spotted activity from a cyberattacker in October, potentially Salt Typhoon, which looked to be trying to gain access to T-Mobile’s infrastructure via edge routing infrastructure from another telecommunications company.
“The routing infrastructure that was peered with this other telecommunications company, we have in practice removed it from our network, we basically downed all that routing infrastructure,” he said. “Now, we didn’t do it because we were worried about there being some embedded malware inside the router or something like that. We did it because we just, that was how we responded was, ‘Let’s just completely cut off this network.’”
Much of the infrastructure is now gone, but Mr. Simon said not every piece of equipment the cyberattackers encountered needs to be removed and replaced.
“Everything facing that telecom router [is] gone, but we didn’t see anything that would cause us concern that, hey, every router that this actor has touched, whether it’s at T-Mobile or otherwise, should be completely replaced,” he said.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.