Silent Push has uncovered numerous new domains linked to Salt Typhoon, a Chinese state-backed APT group engaged in global espionage. The investigation reveals sophisticated infrastructure strategies that have persisted since 2020, targeting telecoms, ISPs, and sensitive metadata from U.S. mobile users.
Key points
- Salt Typhoon is a Chinese APT linked to the PRC's Ministry of State Security, targeting multiple countries.
- Silent Push identified 45 previously unlinked domains used in Salt Typhoon's operations between 2020 and 2025.
- The group has conducted high-profile intrusions into U.S. telecom companies, accessing metadata of over a million users.
- Domain registration patterns include the use of ProtonMail accounts, fake identities, and obfuscated registration details.
- Infrastructure overlaps exist between Salt Typhoon and UNC4841, indicating possible shared tactics and objectives.