Government intelligence and cybersecurity agencies from 13 countries have released a joint advisory detailing the techniques used by Salt Typhoon, a Chinese state-sponsored APT group that has targeted telecommunications, government, transportation, lodging and military infrastructure networks around the world. The agencies have linked Salt Typhoon’s activities to multiple Chinese entities, including three technology companies that provide cyber-related products and services to the People’s Liberation Army (PLA) and China’s Ministry of State Security (MSS).
“The data stolen through this activity against foreign telecommunications and internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets’ communications and movements around the world,” the agencies stated in their report.
Also known in the cybersecurity industry as Operator Panda, RedMike, UNC5807 and GhostEmperor, Salt Typhoon made headlines in late 2024 and earlier this year when authorities revealed that the group had breached major US telecommunications providers and ISPs, including AT&T, Verizon, T-Mobile, Lumen Technologies, Charter, Consolidated and Windstream Communications, in order to spy on sensitive communications.