The fun part is they don’t know the extent of the comprise or how long it has been going on.
What happened is that CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn’t a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard.
Because of all this, CISA is now recommending that people use encrypted messagers.
I’d argue Threema. The server code isn’t open source, but the apps are auditable. You can use it without any other identifiers (phone number, email are optional). It comes from a private company, but they have had a good track record.
Edit: They also have a version on F-Droid, without proprietary components, that uses their own push protocol instead of Google’s.