Threat hunters have uncovered a set of 45 previously unreported domains linked to China-backed threat actors Salt Typhoon and UNC4841, dating back to May 2020. These domains show overlaps with other Chinese hacking groups and are associated with espionage activities targeting organizations worldwide. #SaltTyphoon #UNC4841
Key points
- Researchers discovered 45 new domains linked to Salt Typhoon and UNC4841, some registered as early as May 2020.
- Many of these domains share infrastructure with, and overlap with, other Chinese threat actor groups involved in zero-day exploits.
- Salt Typhoon has targeted telecommunications providers in the U.S. and is believed to be operated by China's MSS.
- Attackers used false identities and high-density IP addresses to register and host malicious domains.
- Organizations are advised to review DNS logs and IP address activity over the past five years for signs of compromise.
Read More: https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html