'Whatever we did was not enough': How Salt Typhoon slipped through the government's blind spots - #APT40
The Chinese advanced persistent threat (APT) group known as Salt Typhoon, also referred to as FamousSparrow, has conducted cyberespionage against critical sectors globally since at least 2019. Thought to have been dormant since 2022, the group has resurfaced with enhanced capabilities, including new versions of its SparrowDoor backdoor and the incorporation of the ShadowPad malware. Its targets have expanded beyond the hospitality sector to include governments, financial organizations, research institutes, and telecommunications entities in various countries. The group's sophisticated techniques include exploiting vulnerabilities in outdated systems, using web shells for initial access, and employing a combination of custom and publicly available tools for post-exploitation activities. The Salt Typhoon campaign has compromised approximately 80 telecommunications firms, exposing data from over 1 million individuals and highlighting significant shortcomings in the U.S. government's coordination with the telecom industry.