The China-linked cyberespionage group Salt Typhoon has been targeting routers globally to maintain long-term access across various sectors, including government and telecom. This group exploits known vulnerabilities and employs sophisticated techniques to evade detection and exfiltrate data, posing a significant threat to international networks. #SaltTyphoon #GhostEmperor
Key points
- Salt Typhoon has been conducting cyber espionage operations across multiple countries for over five years.
- The group has targeted backbone and edge routers to access and manipulate network traffic.
- They exploit known vulnerabilities in Cisco, Ivanti, and Palo Alto Networks products for initial access.
- The threat actor uses advanced techniques like log tampering, configuration modifications, and traffic interception to maintain persistence.
- Experts advise organizations to follow stringent threat hunting and incident response guidelines to mitigate risks.
Read More: https://www.securityweek.com/chinas-salt-typhoon-hacked-critical-infrastructure-globally-for-years/