A European telecommunications organization was targeted by the China-linked threat group Salt Typhoon in July 2025, exploiting a Citrix NetScaler Gateway for initial access. This attack involved advanced malware delivery techniques, persistence, and the use of legitimate tools to evade detection. #SaltTyphoon #CitrixNetScaler #Snappybee
Key points
- The threat actor Salt Typhoon is known for targeting telecommunications, energy, and government systems globally.
- The attackers exploited security flaws in edge devices like Citrix NetScaler Gateway to gain initial access.
- The malware, Snappybee, is delivered via DLL side-loading, in which a legitimate executable (often from antivirus software) is abused to load the malicious DLL so that it runs under a trusted process and evades detection.
- The group maintains deep persistence and uses tools like SoftEther VPN to hide their activities.
- The attack was detected and remediated before it could escalate, highlighting the importance of vigilant cybersecurity measures.
Read More: https://thehackernews.com/2025/10/hackers-used-snappybee-malware-and.html