Salt Typhoon, a China-linked APT group, continues its global cyber espionage campaign against critical infrastructure, telecommunications, and government networks. The group exploits edge devices, modifies routers for persistent access, and steals data to track global communications. #SaltTyphoon #GhostEmperor #UNC5807 #CiscoVulnerabilities
Key points
- Salt Typhoon has been active since at least 2019, targeting global critical sectors.
- The group exploits vulnerabilities in Cisco, Ivanti, and Palo Alto Networks devices to gain initial access.
- Threat actors modify routers and network devices to maintain persistent access and facilitate data exfiltration.
- They leverage authentication protocols like TACACS+ and SSH to move laterally within networks.
- Targeted sectors include telecommunications, government, transportation, and hospitality, where the group conducts surveillance and gathers intelligence.
Read More: https://thehackernews.com/2025/08/salt-typhoon-exploits-cisco-ivanti-palo.html