← All Threat Actors
Threat Actor Profile

Salt Typhoon

Earth Estries G1045 GhostEmperor UNC5807
▲ High Threat
[Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at major U.S. telecommunication and internet service providers (ISP).(Citation: US Dept. of Treasury Salt Typhoon JAN 2025)(Citation: Cisco Salt Typhoon FEB 2025)
Origin

Known TTPs

Clear Linux or Mac System Logs
Network Topology
Protocol Tunneling
Malware
Exfiltration Over Unencrypted Non-C2 Protocol
SSH Authorized Keys
Network Sniffing
Network Device Configuration Dump
Password Cracking
SSH
Disable or Modify System Firewall
Tool
Create Account
Exploit Public-Facing Application

External Resources

CISA Advisories ↗

Related Intelligence


LINK COPIED TO CLIPBOARD