Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms - #APT40
The Chinese Advanced Persistent Threat (APT) group known as Salt Typhoon, also identified as FamousSparrow, GhostEmperor, Earth Estries, and UNC2286, has been actively conducting cyberespionage campaigns since 2019. Initially targeting critical sectors such as telecommunications and government entities across multiple regions, the group has expanded its focus to include financial organizations and research institutes. Salt Typhoon employs sophisticated techniques: it deploys custom malware such as SparrowDoor and ShadowPad, exploits vulnerabilities in Microsoft Exchange and Windows Server systems, and uses public cloud services for covert operations. Recent investigations have revealed the group's resurgence with enhanced capabilities, including improved code quality and a modular architecture in its tools. The persistent threat posed by Salt Typhoon has prompted cybersecurity firms and government agencies to develop assessment templates and issue alerts to help organizations validate their security controls and improve defenses against such APT activities.