Salt Typhoon

Threat Actor updated 3 days ago (2024-11-20T18:15:39.585Z)
Salt Typhoon, a China-linked Advanced Persistent Threat (APT) group also known as FamousSparrow and GhostEmperor, has been active since at least 2020. The group has conducted cyber-espionage campaigns targeting governments, the tech industry, and most notably, U.S. internet service providers (ISPs). In early 2023, reports on Salt Typhoon's activities detailed its attacks on ISPs including Verizon, AT&T, and Lumen Technologies. These breaches potentially granted the threat actor access to systems used for lawful wiretapping and other sensitive data.

The Salt Typhoon breach exposed significant vulnerabilities in the U.S. cybersecurity framework, highlighting the cost of complacency when prioritizing profits over robust security measures. This brazen assault on America's digital infrastructure, specifically systems integral to surveillance and wiretapping capabilities, underscores the critical failures in the nation's cybersecurity strategy. The group's eight-month-long cyberespionage operation is currently under investigation by U.S. agencies.

China reportedly sponsors two other cyberespionage clusters, Flax Typhoon and Salt Typhoon, which regularly target critical infrastructure entities as part of a broader strategic approach. The Salt Typhoon group targeted surveillance systems used by the U.S. government for investigating crimes and threats to national security. Despite its focus on intelligence gathering rather than crippling infrastructure, the Salt Typhoon campaign represents a systemic vulnerability in America's approach to cybersecurity. It is suggested that the group behind Salt Typhoon may be affiliated with China’s Ministry of State Security, specifically the APT40 group, which specializes in intelligence collection.
Description last updated: 2024-11-15T15:58:51.104Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Ghostemperor is a possible alias for Salt Typhoon. GhostEmperor, also known as Salt Typhoon and FamousSparrow, is a threat actor that has been active since August 2019. The group is linked to China's Ministry of State Security and is recognized for its sophisticated cyber campaigns primarily targeting high-profile entities in Southeast Asia, includi | 3
Famoussparrow is a possible alias for Salt Typhoon. FamousSparrow, also known as Salt Typhoon and GhostEmperor, is a threat actor attributed to a China-linked Advanced Persistent Threat (APT) group. The cybersecurity industry has been tracking the activities of this malicious entity since 2019. FamousSparrow has been associated with China's Ministry | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
State Sponso...
Chinese
Government
Exploit
Vulnerability
China
Associated Threat Actors
Alias Description | Association Type | Votes
The Volt Typhoon Threat Actor is associated with Salt Typhoon. Volt Typhoon, a cyberespionage cluster sponsored by China, has emerged as a significant threat actor in the cybersecurity landscape. Known for its strong operational security and obfuscation of malware, Volt Typhoon is both a resilient botnet and a warning signal of potential critical infrastructure | Unspecified | 2