Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack
A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading
Coverage examines reports on Salt Typhoon, an alleged intrusion set, including infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Salt Typhoon is a name used by security researchers and government agencies for a suspected intrusion set linked in public reporting to compromises of telecommunications and other communications infrastructure. Reported incidents have involved access to provider networks and systems that could expose subscriber information, call-detail records, or communications-related data; the scope and attribution of individual cases remain subject to investigation.
The main security concern is prolonged access to high-value network environments, including internet-facing appliances, administrative systems, and monitoring or lawful-intercept infrastructure. Telecommunications operators and connected organizations should inventory and promptly patch exposed devices, restrict management access, enforce multifactor authentication, segment sensitive systems, rotate potentially exposed credentials, and retain authentication and network telemetry for threat hunting. Investigations should examine persistence and lateral movement rather than treating removal of one account or device as sufficient. Because communications data is highly sensitive, suspected access also warrants careful privacy assessment, evidence preservation, and coordination with applicable disclosure and regulatory processes.
Weekly headline count for the current query.
A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers
The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns
The US authorities have asked the public to help them unmask China’s Salt Typhoon threat actors
Chinese threat actor Salt Typhoon used JumbledPath, a custom-built utility, to gain access to a remote Cisco device, said the network provider
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
The Salt Typhoon hack against US telecommunications firms has prompted the FCC to suggest stricter security rules to protect the sector from future cyber threats
The CSO of T-Mobile has clarified that no customer information was stolen by Chinese hacking group Salt Typhoon
T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms