Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions - #APT40
The Chinese state-sponsored Advanced Persistent Threat (APT) group known as Salt Typhoon, or Earth Estries, has been conducting extensive and sophisticated cyber-espionage campaigns against critical industries worldwide since 2023. The group has compromised over 20 organizations in sectors such as telecommunications, technology, and government, using advanced malware tools like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT. It exploits vulnerabilities in public-facing servers and uses living-off-the-land binaries for lateral movement within networks, with a focus on exfiltrating sensitive information and maintaining persistent access. Its operations have significantly impacted U.S. telecommunications providers, with major breaches necessitating a large-scale replacement of network devices to secure systems. Salt Typhoon's activities show that state-sponsored cyber espionage remains an ongoing and evolving challenge for industry, and that protecting critical infrastructure and sensitive data requires multi-layered cybersecurity defenses and proactive measures.