Salt Typhoon Hacking Incident
A European telecoms company was targeted by a hacking group, likely to be the Chinese state-aligned hacking group Salt Typhoon, according to security vendor Darktrace.
The attempt to infiltrate the unnamed company’s networks occurred in July, with the attackers exploiting a vulnerability in a Citrix NetScaler Gateway appliance before installing a backdoor on several Citrix Virtual Delivery Agent (VDA) hosts.
About Salt Typhoon
Salt Typhoon (UNC5807) is a prolific cyberespionage group believed to be part of China’s Ministry of State Security.
- The group is known to have infiltrated the networks of at least eight major US telcos, including Verizon, AT&T and T-Mobile.
- According to the FBI, Salt Typhoon accessed metadata relating to calls and text messages, live phone calls of high-profile targets, and information systems used by law enforcement and intelligence agencies.
Salt Typhoon's activities were described by one senator as the “worst telecom hack” in US history.
Author's summary: Salt Typhoon hacking group targeted a European telco company.