Security news aggregator

Latest coverage for Salt Typhoon

Coverage examines reports on Salt Typhoon, an alleged intrusion set, including infrastructure, disruption, and defensive guidance.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Salt Typhoon is a name used by security researchers and government agencies for a suspected intrusion set linked in public reporting to compromises of telecommunications and other communications infrastructure. Reported incidents have involved access to provider networks and systems that could expose subscriber information, call-detail records, or communications-related data; the scope and attribution of individual cases remain subject to investigation.

The main security concern is prolonged access to high-value network environments, including internet-facing appliances, administrative systems, and monitoring or lawful-intercept infrastructure. Telecommunications operators and connected organizations should inventory and promptly patch exposed devices, restrict management access, enforce multifactor authentication, segment sensitive systems, rotate potentially exposed credentials, and retain authentication and network telemetry for threat hunting. Investigations should examine persistence and lateral movement rather than treating removal of one account or device as sufficient. Because communications data is highly sensitive, suspected access also warrants careful privacy assessment, evidence preservation, and coordination with applicable disclosure and regulatory processes.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies