1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Notorious Chinese hacking group Salt Typhoon found lurking in Eur

    From TechnologyDaily@1337:1/100 to All on Tue Oct 21 14:15:09 2025
    Notorious Chinese hacking group Salt Typhoon found lurking in European comms networks

    Date:
    Tue, 21 Oct 2025 13:06:00 +0000

    Description:
    Salt Typhoon has its sights set on European Telecoms firm.

    FULL STORY ======================================================================Notoriou s hacking group Salt Typhoon has likely been targeting Telecom orgs Researchers identified tactics previously used by the group Salt Typhoon breached up to 8 US telecom networks in a huge cyber-espionage campaign

    Notorious Chinese hacking group Salt Typhoon has been once again linked to intrusions against telecommunications firms - this time in Europe.

    A new report from Darktrace claims the group has been observed, "targeting global infrastructure using stealthy techniques such as DLL sideloading and zero-day exploits."

    The early stage intrusion activity detected mirrors previous Salt Typhoon tactics, such as the prolific attacks on up to 8 different telecom organizations in a far reaching and potent multi-year campaign which resulted in the group stealing information from millions of American telecom customers using a high severity Cisco flaw to gain access and eventually collect
    traffic from the networks devices were connected to. DLL side-loading

    In the latest incident, Darktrace assessed with moderate confidence that Salt Typhoon abused legitimate tools with stealth and persistence - exploiting a Citrix NetScaler Gateway appliance to obtain initial access.

    From there, the criminals deployed Snappybee malware, also known as Deed RAT, which is launched using a technique called DLL side-loading - another tactic commonly used by Chinese threat actors.

    The backdoor was delivered to these internal endpoints as a DLL alongside legitimate executable files for antivirus software such as Norton Antivirus, Bkav Antivirus, and IObit Malware Fighter, Darktrace explained.

    This pattern of activity indicates that the attacker relied on DLL side-loading via legitimate antivirus software to execute their payloads.
    Salt Typhoon and similar groups have a history of employing this technique, enabling them to execute payloads under the guise of trusted software and bypassing traditional security controls.

    Darktrace says the intrusion was identified and remediated before it could escalate beyond the early stages of attack - neutralizing the threat.

    This highlights the vital importance of proactive, anomaly-based defense and detection above the more traditional signature-based methods, especially
    given the rise in persistent, state sponsored threat actors.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/notorious-chinese-hacking-group-salt-ty phoon-found-lurking-in-european-comms-networks


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)