China Salt Typhoon Long Global Hacking

September 2, 2025
Reading Time: 3 mins read
in News

The China-linked cyberespionage group known as Salt Typhoon, also referred to as GhostEmperor and Operator Panda, has been persistently targeting and compromising backbone and edge routers globally since at least 2021. The group’s primary objective is to maintain long-term access to a wide range of networks for intelligence gathering, with a particular focus on government, military, telecom, transportation, and lodging sectors in the United States, Canada, Australia, New Zealand, and the United Kingdom. This widespread and sustained campaign gives Chinese intelligence services the capability to monitor and track the communications and movements of individuals and organizations worldwide, highlighting the global reach and strategic importance of these cyber operations.

Salt Typhoon’s tactics involve exploiting known, rather than zero-day, vulnerabilities in products from major network equipment manufacturers like Cisco, Ivanti, and Palo Alto Networks to gain initial access. Once inside a network, the group employs sophisticated techniques to maintain persistence and evade detection. They tamper with Access Control Lists (ACLs), create hidden tunnels, and leverage multi-hop pivoting tools to move between networks and modify routing. These actions, combined with their ability to mirror network traffic, enable them to not only surveil communications but also gain a deep understanding of network configurations. The group’s reliance on exploiting known flaws suggests a methodical and patient approach to its operations, focusing on leveraging existing security weaknesses rather than developing novel attacks.

To expand their foothold and move laterally within compromised networks, the hackers target critical network components and data. They focus on authentication protocols, router interfaces, and configuration files, often extracting credentials from captured network traffic. The group also actively modifies server configurations to point to their own infrastructure, creates privileged user accounts, and scans for open ports to identify additional entry points. Their operations are designed to be as covert as possible; they actively delete logs and disable logging functions to hide their presence and avoid detection by security teams. This level of operational security demonstrates their expertise and determination to remain undetected for extended periods.

The operations of Salt Typhoon have been linked to several China-based companies that are known to provide cyber products and services to Chinese intelligence. This connection underscores the role of a broader contractor ecosystem that supports and expands the scale of Chinese cyber espionage. Experts note that these contractors are instrumental in everything from building the necessary infrastructure to carrying out the intrusions themselves. This model allows for the rapid evolution and unprecedented scale of these operations, enabling the group to target hundreds of organizations across 80 countries in a single year.

Given the persistent and long-term nature of Salt Typhoon’s access, cybersecurity agencies have issued joint advisories providing specific indicators of compromise (IOCs) and recommendations for threat hunters. These advisories emphasize that organizations must not only identify and evict the attackers but also protect their incident response efforts from being monitored by the threat actors. The group has shown a tendency to compromise administrator devices and accounts to watch for signs of detection, so organizations need to secure their threat hunting and response processes themselves. The ongoing threat posed by Salt Typhoon highlights the critical need for organizations to apply patches promptly and implement robust security measures to protect their networks from sophisticated state-sponsored attacks.
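The tampering described above (ACL changes, new privileged accounts, hidden tunnels, AAA servers repointed, logging removed) leaves traces in a router's running configuration, which is one place threat hunters can look. The following is an added example, not code from the article or from any advisory: it diffs a current Cisco IOS-style configuration against a known-good baseline and flags the drift categories the article names. Both configurations are constructed samples for a hypothetical router, and the pattern list is an assumption to be extended per platform.

```python
import re
# Constructed sample configs in Cisco IOS-style syntax (hypothetical router, not from the article):
# BASELINE_CONFIG is the golden copy, CURRENT_CONFIG the same router after tampering of the kind described.
BASELINE_CONFIG = """\
username netops privilege 15 secret 5 $1$abcd$constructed
tacacs-server host 10.0.5.10
logging host 10.0.5.20
ip access-list extended MGMT-IN
 permit tcp 10.0.5.0 0.0.0.255 any eq 22
 deny ip any any
"""
CURRENT_CONFIG = """\
username netops privilege 15 secret 5 $1$abcd$constructed
username svc_backup privilege 15 secret 5 $1$zzzz$constructed
tacacs-server host 198.51.100.7
interface Tunnel99
 tunnel destination 198.51.100.7
ip access-list extended MGMT-IN
 permit tcp 10.0.5.0 0.0.0.255 any eq 22
 permit tcp host 198.51.100.7 any eq 22
 deny ip any any
"""
# Lines that are suspicious when they APPEAR relative to the golden config.
ADDED_PATTERNS = [
    (r"^username \S+ privilege 15\b", "new privileged account"),
    (r"^interface Tunnel\d+", "new tunnel interface"),
    (r"^tunnel destination ", "tunnel destination set"),
    (r"^permit ", "ACL permit added"),
    (r"^no logging\b", "logging disabled"),
    (r"^(tacacs-server host|radius-server host|logging host) ", "AAA/logging server pointed elsewhere"),
]
# Lines that are suspicious when they DISAPPEAR from the golden config.
REMOVED_PATTERNS = [
    (r"^logging ", "logging removed"),
    (r"^(permit|deny) ", "ACL entry removed"),
    (r"^(tacacs-server host|radius-server host) ", "AAA server entry removed"),
]

def _lines(config):
    return [ln.strip() for ln in config.splitlines() if ln.strip()]  # ordered, stripped, non-empty

def hunt_config_drift(baseline, current):
    """Return (category, line) findings for drift matching the tampering described above."""
    base_set, cur_set = set(_lines(baseline)), set(_lines(current))
    findings = []
    for line in _lines(current):   # present now, absent from the golden config
        if line not in base_set:
            findings += [(label, line) for pat, label in ADDED_PATTERNS if re.match(pat, line)]
    for line in _lines(baseline):  # in the golden config, gone now
        if line not in cur_set:
            findings += [(label, line) for pat, label in REMOVED_PATTERNS if re.match(pat, line)]
    return findings
```

Because the actor also deletes logs on the device, the baseline and the pulled configuration should be stored and compared off-box, on infrastructure the compromised administrator accounts cannot reach.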

Reference:

  • Chinese Hacker Group Salt Typhoon Targeted Critical Infrastructure Worldwide