China Salt Typhoon Long Global Hacking

September 2, 2025

The China-linked cyberespionage group known as Salt Typhoon, also referred to as GhostEmperor and Operator Panda, has been persistently targeting and compromising backbone and edge routers globally since at least 2021. The group’s primary objective is to maintain long-term access to a wide range of networks for intelligence gathering, with a particular focus on government, military, telecom, transportation, and lodging sectors in the United States, Canada, Australia, New Zealand, and the United Kingdom. This widespread and sustained campaign gives Chinese intelligence services the capability to monitor and track the communications and movements of individuals and organizations worldwide, highlighting the global reach and strategic importance of these cyber operations.

Salt Typhoon’s tactics involve exploiting known, rather than zero-day, vulnerabilities in products from major network equipment manufacturers like Cisco, Ivanti, and Palo Alto Networks to gain initial access. Once inside a network, the group employs sophisticated techniques to maintain persistence and evade detection. They tamper with Access Control Lists (ACLs), create hidden tunnels, and leverage multi-hop pivoting tools to move between networks and modify routing. These actions, combined with their ability to mirror network traffic, enable them to not only surveil communications but also gain a deep understanding of network configurations. The group’s reliance on exploiting known flaws suggests a methodical and patient approach to its operations, focusing on leveraging existing security weaknesses rather than developing novel attacks.

To expand their foothold and move laterally within compromised networks, the hackers target critical network components and data. They focus on authentication protocols, router interfaces, and configuration files, often extracting credentials from captured network traffic. The group also actively modifies server configurations to point to their own infrastructure, creates privileged user accounts, and scans for open ports to identify additional entry points. Their operations are designed to be as covert as possible; they actively delete logs and disable logging functions to hide their presence and avoid detection by security teams. This level of operational security demonstrates their expertise and determination to remain undetected for extended periods.
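The changes described in the two paragraphs above (ACL edits, tunnels, traffic mirroring, new privileged accounts, repointed authentication servers, disabled logging) all show up as differences between a device's running configuration and a trusted baseline. The following is an added example, not part of the original article or any advisory: a Python sketch that diffs two configs and reports only those categories. The Cisco IOS-style patterns, hostnames, account names and addresses are assumptions constructed for illustration.

```python
import re

# Article's change categories as Cisco IOS-style patterns (assumed mapping; adapt per platform).
WATCH = {
    "privileged account": re.compile(r"^username \S+ privilege 15\b"),
    "logging": re.compile(r"^(no )?logging\b"),
    "AAA server": re.compile(r"^(tacacs|radius)[- ]server\b"),
    "traffic mirroring": re.compile(r"^monitor session\b"),
    "tunnel": re.compile(r"^interface Tunnel\d+"),
    "ACL": re.compile(r"^(ip )?access-list\b"),
}
# Constructed sample configs: documentation addresses, placeholder secrets.
BASELINE = """\
username netadmin privilege 15 secret 9 <redacted>
logging host 192.0.2.10
tacacs-server host 192.0.2.20
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
"""
CURRENT = """\
username netadmin privilege 15 secret 9 <redacted>
username support privilege 15 secret 9 <redacted>
tacacs-server host 203.0.113.50
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit tcp host 203.0.113.50 any eq 22
interface Tunnel9
monitor session 1 source interface GigabitEthernet0/1
"""

def flatten(config):
    """Map an indented config to a set of 'parent > child' entries."""
    entries, parent = set(), ""
    for line in config.splitlines():
        text = line.strip()
        if not text or text.startswith("!"):
            continue
        if line[0].isspace():
            text = f"{parent} > {text}"
        else:
            parent = text
        entries.add(text)
    return entries

def drift(baseline, current):
    """Return sorted (sign, category, entry) for watched lines that changed."""
    old, new = flatten(baseline), flatten(current)
    changes = [("+", e) for e in new - old] + [("-", e) for e in old - new]
    label = lambda e: next((k for k, p in WATCH.items() if p.search(e)), None)
    return sorted((s, label(e), e) for s, e in changes if label(e))
```

Calling `drift(BASELINE, CURRENT)` returns one tuple per watched change. The baseline has to come from a source the device itself cannot alter, since the article notes the group deletes logs and tampers with configuration.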

The operations of Salt Typhoon have been linked to several China-based companies that are known to provide cyber products and services to Chinese intelligence. This connection underscores the role of a broader contractor ecosystem that supports and expands the scale of Chinese cyber espionage. Experts note that these contractors are instrumental in everything from building the necessary infrastructure to carrying out the intrusions themselves. This model allows for the rapid evolution and unprecedented scale of these operations, enabling the group to target hundreds of organizations across 80 countries in a single year.

Given the persistent and long-term nature of Salt Typhoon’s access, cybersecurity agencies have issued joint advisories providing specific indicators of compromise (IOCs) and recommendations for threat hunters. These advisories emphasize the need for organizations to not only identify and evict the attackers but also to protect their incident response efforts from being monitored by the threat actors. The group has shown a tendency to compromise administrator devices and accounts to monitor for signs of detection, making it crucial for organizations to secure their threat hunting and response processes. The ongoing threat posed by Salt Typhoon highlights the critical need for organizations to apply patches promptly and implement robust security measures to protect their networks from sophisticated state-sponsored attacks.

Reference:

  • Chinese Hacker Group Salt Typhoon Targeted Critical Infrastructure Worldwide