Chinese Cyberespionage Group Salt Typhoon Exposed for Asia-wide Attacks

Discover how the Salt Typhoon group gained long-term access to networks, evaded detection, and targeted organizations worldwide.

A Chinese cyberespionage group, known as Salt Typhoon, has been exposed for planting backdoors in corporate networks across Asia. The group targeted a telecommunications company, a gas company, and a governmental institution, but none were based in India. Security firms Avast and ESET have reported on the group's activities.

The group gained long-term access to these networks by installing backdoors. They could then manipulate and delete files, take screenshots, alter processes, and execute console commands. Their tools of choice included the Gh0st remote access trojan (RAT) and Windows Management Instrumentation (WMI), which they used to move laterally within infiltrated networks.

To avoid detection, the group frequently recompiled its custom tools. Infected devices could be commanded to act as a proxy or listen on specific ports on every network interface. Some commands could instruct the backdoors to exfiltrate data to a command and control (C&C) server.

The group's activities extend beyond Asia. It is suspected of attacks in Mongolia, Russia, and Belarus. The USA, the UK, Taiwan, and the EU are also believed to be among its targets.

The Salt Typhoon group's sophisticated tactics and wide-ranging targets highlight the ongoing threat of state-sponsored cyberespionage. As the group continues to evolve its tools to evade detection, vigilance and robust cybersecurity measures are crucial for organizations worldwide.
