CyberSecurity updates
2025-02-23 15:49:09 Pacific

Salt Typhoon Group Expands Espionage Using JumbledPath - 8d

The Chinese cyber espionage group Salt Typhoon has been expanding its espionage campaign, compromising additional telecom networks globally between December 2024 and January 2025. The group uses custom malware called JumbledPath to monitor network traffic, and gains access primarily through stolen credentials and by exploiting a six-year-old vulnerability in Cisco routers.

Salt Typhoon's Ongoing Telecom Attacks - 9d

The Chinese nation-state-backed threat actor Salt Typhoon has been actively targeting telecommunications providers, compromising at least five companies between December and January of 2025. This campaign demonstrates the persistence of the group, despite sanctions. Exploitation attempts involved vulnerabilities in Cisco devices, highlighting the continued need for robust security measures in the telecommunications sector.

US Treasury Hacked by Chinese APT Group - 4d

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, for their involvement in the Salt Typhoon cyberattacks. These attacks targeted major US telecom companies, compromising sensitive data and the US Treasury’s network, including systems used for sanctions and foreign investment reviews, and even affected the computer of outgoing Treasury Secretary Janet Yellen. This highlights the ongoing, sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities within the US and globally. The sanctioned entities are directly linked to the Chinese Ministry of State Security (MSS) and used a combination of zero-day exploits and other techniques to infiltrate networks and exfiltrate data. The compromise of the Department of the Treasury’s network is considered a major breach, potentially impacting national security because of the access to sensitive information.