Government intelligence and cybersecurity agencies from 13 countries have released a joint advisory detailing the techniques used by Salt Typhoon, a Chinese state-sponsored APT group that has targeted telecommunications, government, transportation, lodging and military infrastructure networks from around the world. The agencies have linked Salt Typhoonâs activities to multiple Chinese entities, including three technology companies that provide cyber-related products and services to the Peopleâs Liberation Army (PLA) and Chinaâs Ministry of State Security (MSS).
âThe data stolen through this activity against foreign telecommunications and internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targetsâ communications and movements around the world,â the agencies stated in their report.
Also known in the cybersecurity industry as Operator Panda, RedMike, UNC5807 and GhostEmperor, Salt Typhoon made headlines in late 2024 and earlier this year when authorities revealed that the group had breached major US telecommunications providers and ISP including AT&T, Verizon, T-Mobile, Lumen Technologies, Charter, Consolidated and Windstream Communications in order to spy on sensitive communications.
