The US Secret Service disrupted a network of tens of thousands of cellular devices with the ability to do serious damage to telecommunications in NYC.

On September 23, 2025, the US Secret Service (USSS) shared how they discovered and disrupted a network of electronic devices with serious destructive capabilities against US telecommunications systems. In the press release’s accompanying video, Matt McCool, the Special Agent in charge of the New York Field Office, explained that the electronic devices were uncovered after “multiple telecommunications related threats directed towards senior US government officials this spring” triggered a “difficult and complex effort to identify the source of these fraudulent calls and the impact on the Secret Service protective mission.”
This complicated investigation required support from several groups, including the “Department of Homeland Security’s Homeland Security Investigations, the Department of Justice, the Office of the Director of National Intelligence and the NYPD, as well as other state and local law enforcement partners”, partners who shared technical advice and assistance with the Secret Service.
The investigators found more than 300 collocated SIM servers and 100,000 SIM cards with “tens of thousands of colocated and network cellular devices” across multiple sites throughout the New York tristate area. The devices served as the infrastructure for “anonymous encrypted communications between potential threat actors and criminal enterprises, enabling criminal organizations to operate undetected.”
In addition to underpinning cybercrime, the devices had the means to execute several types of telecommunications attacks. Besides the anonymous telephonic threats that the government officials encountered earlier this year, McCool explained that the network of devices could enable denial of service attacks and even “disable cell phone towers and essentially shut down the cellular network in New York City.”
Shutting down cellular communications in the US’s most populous city is concerning on its own, but the potential damage these devices could cause is even more worrying considering their proximity to the global meeting of the United Nations General Assembly, currently happening in New York City. According to the press release, the devices were concentrated within just 35 miles of the UN meeting, which pushed the Secret Service to act quickly and dismantle the network.
Though the immediate threat has been dispatched, the investigation continues with the Secret Service conducting a forensic examination of the collected devices. There haven’t been any arrests made yet, but the USSS shared that “early analysis indicates cellular communications between nation-state threat actors and individuals that are known to federal law enforcement.” Because the investigation is ongoing, the Secret Service has not yet released more details on who these nation-state threat actors are, but this style of cyber attack, with state-sponsored actors targeting telecommunications operations, may signal to some that hackers like those behind Salt Typhoon and Volt Typhoon could be to blame.
The Salt Typhoon hack, called the "worst telecom hack in our nation’s history", was only made known to the public last December. A group of Chinese state-sponsored hackers successfully infiltrated eight major telecommunications firms in the US (including AT&T, Verizon and T-Mobile), gained access to cellular metadata from an untold number of Americans, stole encrypted text messages from senior government officials and may have even listened in on their calls, causing serious privacy concerns.
Though the hacking group is now believed to be “largely contained” and “not actively infiltrating information,” the group is still considered a threat. Recent reports from the FBI suggest that Salt Typhoon targeted 600 companies, possibly as part of a new initiative to collect data. The sheer size of the attack has some worried that it may be impossible to completely excise Salt Typhoon from US networks. Earlier this month, Cynthia Kaiser, an FBI cyber official who worked on the investigation, said “I can’t imagine any American was spared given the breadth of the campaign.”
Even before Salt Typhoon, other hackers allegedly sponsored by the People’s Republic of China sparked alarm over their intrusions into critical infrastructure. Volt Typhoon infected hundreds of U.S.-based small office/home office routers with KV Botnet malware to gain access to organizations in “the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” Now, US officials confirm that even after the FBI and DOJ disrupted the botnet, Volt Typhoon still has access to the networks it hacked, quietly maintaining persistent means of entry to critical information and key resources.
The effort by both Typhoons to maintain persistent access could be a harbinger of military conflict, warned Lt. Gen. Thomas Hensley, commander of 16th Air Force and Air Forces Cyber, at the American Air Force’s Air, Space and Cyber conference: “...they’re probably setting the conditions to execute destructive cyberattacks, should there be a regional conflict in the Pacific over Taiwan. And my words and my words only — nobody else has said this — but if we find ourselves in a conflict with China and they execute destructive cyberattacks against our critical infrastructure in the United States, that is total war in my definition…total war in the sense of all-domain warfare, using the cyber domain to execute a counter-value attack against the U.S. population in the United States.”
While the telecommunications threat in the tristate New York area does not seem overtly linked to any military preparations, the proximity of the devices to the UN General Assembly is more than suspicious and warranted the fast reaction from the Secret Service. USSS Director Sean Curran emphasized the danger of the devices when praising the Service’s actions: “The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated. The U.S. Secret Service’s protective mission is all about prevention, and this investigation makes it clear to potential bad actors that imminent threats to our protectees will be immediately investigated, tracked down and dismantled.”
Even if groups like Salt Typhoon still remain at large, the work of federal groups like the Secret Service hopefully signifies that other cyber campaigns against US infrastructure will be met with swift action.