Salt Typhoon

Threat Actor updated a month ago (2024-11-29T14:52:25.498Z)
Salt Typhoon, also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, is a threat actor linked to China's Ministry of State Security. Active since at least 2020, this advanced persistent threat (APT) group has a history of targeting U.S. systems for intelligence gathering, particularly those critical to national security. The group has compromised several U.S. internet service providers (ISPs), including Verizon, AT&T, Lumen, and T-Mobile, with the aim of exfiltrating data from systems used to manage court-authorized wiretaps of subscriber network traffic.

The cyber campaign led by Salt Typhoon has been attributed to a series of attacks on high-value government and telecommunications organizations. In 2023, Salt Typhoon was observed compromising consulting firms and non-governmental organizations (NGOs) that work with the U.S. government and military, aiming to breach these entities more quickly and effectively. Notably, Salt Typhoon does not typically exploit vulnerabilities directly in its target's network but uses a diverse arsenal of malware to infiltrate and compromise networks.

Salt Typhoon's operations have been closely monitored and analyzed by cybersecurity researchers. The group consistently builds out its arsenal of varied and powerful payloads, which it deploys once it gains access to a targeted network. One recent addition to this arsenal is a backdoor malware dubbed GhostSpider. In response to the ongoing threat posed by Salt Typhoon, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement detailing the major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure.
Description last updated: 2024-11-28T11:48:16.067Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
GhostEmperor is a possible alias for Salt Typhoon. GhostEmperor, also known as Salt Typhoon and FamousSparrow, is a threat actor that has been active since August 2019. The group is linked to China's Ministry of State Security and is recognized for its sophisticated cyber campaigns primarily targeting high-profile entities in Southeast Asia, includi | 3
Earth Estries is a possible alias for Salt Typhoon. Earth Estries, also known as Salt Typhoon, FamousSparrow, GhostEmperor, and UNC2286, is a sophisticated threat actor that has been conducting long-term espionage attacks against government entities and other targets since 2020. Originating from the People's Republic, Earth Estries ranks among the mo | 2
FamousSparrow is a possible alias for Salt Typhoon. FamousSparrow, also known as Salt Typhoon and GhostEmperor, is a threat actor attributed to a China-linked Advanced Persistent Threat (APT) group. The cybersecurity industry has been tracking the activities of this malicious entity since 2019. FamousSparrow has been associated with China's Ministry | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Apt
Chinese
Government
China
Backdoor
Exploit
Vulnerability
Associated Threat Actors
Alias Description | Association Type | Votes
The Volt Typhoon Threat Actor is associated with Salt Typhoon. Volt Typhoon, a state-sponsored threat actor based in China, has been identified as a significant cybersecurity risk to critical infrastructure sectors in the United States. According to Microsoft and the Five Eyes cybersecurity and intelligence agencies, Volt Typhoon has compromised IT environments | Unspecified | 2
Source Document References
Information about the Salt Typhoon Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
DARKReading | 5 days ago
DARKReading | 5 days ago
InfoSecurity-magazine | 5 days ago
DARKReading | 15 days ago
Checkpoint | 16 days ago
Securityaffairs | 16 days ago
DARKReading | 16 days ago
DARKReading | 16 days ago
Checkpoint | 24 days ago
Securityaffairs | 25 days ago
DARKReading | a month ago
BankInfoSecurity | a month ago
Checkpoint | a month ago
DARKReading | a month ago
InfoSecurity-magazine | a month ago
InfoSecurity-magazine | a month ago
InfoSecurity-magazine | a month ago
DARKReading | a month ago
BankInfoSecurity | a month ago
Securityaffairs | a month ago