Salt Typhoon

Salt Typhoon APT Focuses on Global Telecom and Energy Industries, According to Darktrace

Cybersecurity research firm Darktrace has issued a report highlighting the ongoing threat posed by a state-sponsored group known as Salt Typhoon. This Advanced Persistent Threat (APT) group, suspected to be linked to the People’s Republic of China (PRC), continues to discover innovative methods to infiltrate critical infrastructure across the globe.…


Salt Typhoon Strikes European Telecom Sector

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Darktrace Reports on Compromise of Citrix NetScaler Gateway
Akshaya Asokan (asokan_akshaya) • October 20, 2025

Recent reports from the managed threat detection firm Darktrace indicate that a persistent campaign by the Chinese cyber espionage group known as Salt Typhoon continues…


Hackers Exploit Citrix Vulnerability and Snappybee Malware to Compromise European Telecom Network

October 21, 2025Ravie LakshmananCyber Espionage / Network Security A European telecommunications company has reportedly fallen victim to a cyber intrusion attributed to a threat actor associated with the China-linked group known as Salt Typhoon. This incident, as reported by Darktrace, took place during the first week of July 2025. Attackers…


Chinese Hackers Target T-Mobile and Other U.S. Telecoms in Extensive Espionage Operation

T-Mobile, a prominent U.S. telecommunications provider, has acknowledged being targeted by Chinese cyber threat actors aiming to infiltrate its systems to access sensitive data. The perpetrators, identified as Salt Typhoon, have been conducting a prolonged campaign focusing on extracting cellphone communications of individuals considered “high-value intelligence targets.” The extent of…


T-Mobile Uncovers Network Intrusion Attempts from a Wireline Provider

T-Mobile Detects Intrusion Attempts, No Data Breach Confirmed

Telecom giant T-Mobile recently announced that it has thwarted attempts by cyber actors to penetrate its networks in the past few weeks. Fortunately, the company confirmed that no sensitive customer data was accessed during these attempts. The intrusion efforts were traced back…


Cisco Confirms Salt Typhoon’s Exploitation of CVE-2018-0171 to Attack U.S. Telecom Networks

Cisco has disclosed that a Chinese threat actor, identified as Salt Typhoon, successfully infiltrated major U.S. telecommunications companies by exploiting a known vulnerability labeled CVE-2018-0171 and utilizing stolen login credentials. This targeted operation reflects the sophisticated methods employed by adversaries focusing on critical infrastructure. According to Cisco Talos, the group…


Chinese APT Leverages BeyondTrust API Key to Infiltrate U.S. Treasury Systems and Access Sensitive Documents

The U.S. Treasury Department has reported a significant cybersecurity breach that has purportedly provided suspected Chinese threat actors with remote access to some computers and unclassified documents. This incident was publicly disclosed following a communication from BeyondTrust, a third-party software provider of the Treasury, on December 8, 2024, regarding unauthorized…


CISA Alerts on Two Actively Exploited Security Vulnerabilities in Adobe and Oracle Products

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding two critical security flaws affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). This action stems from emerging evidence indicating active exploitation of these vulnerabilities. The newly added vulnerabilities are…


RA World Ransomware Attack in South Asia Tied to Chinese Espionage Toolkit

A recent ransomware incident attributed to the RA World group has highlighted a troubling intersection between cyber espionage and financial extortion. In November 2024, an unnamed software and services company in Asia became the target of a sophisticated attack employing a malicious toolset closely associated with Chinese cyber espionage tactics.…
