Network devices in at least one Norwegian organization
February 5, 2026
•[ state-sponsored espionage, network device compromise, telecom ]
The Record reported that Norways Police Security Service (PST) disclosed that the Chinese state-sponsored espionage campaign tracked as Salt Typhoon compromised network devices in Norwegian organizations. PST made the disclosure in its 2026 annual threat assessment and said the actor exploited vulnerable network devices, consistent with a broader telecom/critical infrastructure espionage focus described by allied authorities. The article does not identify specific victim organizations or provide incident-level dates/effects for one named target, so it is best treated as campaign-level reporting rather than a single victim event record.
At least one Telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
At least one telecom operator in Russia
January 11, 2025
•[ DDoS, telecom ]
A Russian tech-news report citing Roskomnadzor/GRFC monitoring stated that in November 2025 the regulator recorded and mitigated a record-long DDoS attack targeting telecommunications operators systems, with a maximum duration reported as 3 days 22 hours 20 minutes. The same regulatory summary reported peak attack power around 1.93 Tbps and very high packet rates during the period, with the telecom sector described as a primary focus of attack vectors. The report did not identify a specific threat group or provide victim-by-victim service impact details, but characterized the episode as an unusually prolonged and powerful DDoS campaign against telecom infrastructure.
