I agree; data theft alone does not qualify. I closed it based on reports that indicated the text hacking was only part of it and that "critical infrastructure" was compromised to either an unknown or undisclosed extent. See https://cyberscoop.com/fbi-operation-china-botnet-flax-typhoon/ for example

FBI joint operation takes down massive Chinese botnet, Wray says

Flax Typhoon targeted critical infrastructure in the U.S. and abroad, and Black Lotus Labs researchers observed a “large scanning effort” targeting U.S. military and government.

What critical infrastructure was disrupted here?

I would not have anticipated that data theft would qualify here.

@JakeLowery Agreed, text message hacking seems to be against the spirit of the question imo

@gamedev Upon reflection, while I wouldn't have anticipated this would count, it seems clear that CISA considers this to be a substantial cyberattack disrrupting critical infrastructure.

Here is the CISA release: CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure | CISA

"People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers. The recommended practices are for network engineers and defenders of communications infrastructure to strengthen visibility and harden network devices against this broad and significant cyber espionage campaign. "

“The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors,” said CISA Executive Assistant Director for Cybersecurity Jeff Greene.