โChina is not our friend, and we should not bring CCP-controlled equipment into American homes,โ Sen. Cynthia Lummis said.
A bicameral group of 17 Republican lawmakers is urging Commerce Secretary Howard Lutnick to ban the sales of networking equipment from TP-Link, saying that the company has โdeep tiesโ to the Chinese Communist Party (CCP).
Led by Sen. Tom Cotton (R-Ark.) and Rep. Riley Moore (R-W.Va.), the lawmakers sent a letter, dated May 14, to Lutnick, calling TP-Link โa state-sponsored networking equipment companyโ that poses โa clear and present danger.โ
โChina is not our friend, and we should not bring CCP-controlled equipment into American homes,โ Sen. Cynthia Lummis (R-Wyo.), who cosigned the letter, wrote on the social media platform X on May 14.
China is not our friend, and we should not bring CCP-controlled equipment into American homes. Proud to join my colleagues in supporting @CommerceGov's investigation of TP-Link and urging swift action to prohibit sales. More below.โฌ๏ธ pic.twitter.com/NxH7yNB6IU
— Senator Cynthia Lummis (@SenLummis) May 14, 2025
โProud to join my colleagues in supporting [Commerce Departmentโs] investigation of TP-Link and urging swift action to prohibit sales.โ
The lawmakers stated that Chinese state cyber actors โhave exploitedโ the companyโs small and home office (SOHO) products, such as Wi-Fi routers, cellular gateways, and mobile hotspots, in their cyber campaigns against the United States.
โCCP agents commonly exploit SOHO routers because those systems have ideal bandwidth and computing power for sustained cyber activities but lack additional layers of security common in enterprise networks,โ the letter reads.
Citing an advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) in February 2024, the lawmakers warned that the Chinese regime โuses SOHO equipment for ongoing espionage and targeting of critical infrastructure to pre-position itself for destructive attacks on Americans and communication channels with our allies.โ
The CISA advisory named a Chinese threat actor group, Volt Typhoon, and how it used the technique of multi-hop proxies composed of virtual private servers or SOHO routers to carry out its cyber attacks.
In October 2024, Microsoft reported that a Chinese botnet known as CovertNetwork-1658 had hijacked many SOHO routers, the majority of which were manufactured by TP-Link, to carry out โhighly evasive password spray attacks.โ Microsoft added that its operation was discovered in August 2023, and the botnet consisted of about 8,000 compromised devices at any given time.
The lawmakers also warned that TP-Link โis subject to Chinaโs National Security Law,โ thus allowing the CCP to gain access to U.S. systems via the companyโs devices, โbefore American authorities know a vulnerability exists.โ
Byย Frank Fang
