China-linked Salt Typhoon hackers attempt to infiltrate European telco – Help Net Security

By Zeljka Zorz
Publication Date: 2025-10-20 14:48:00

Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one.

The intrusion

“Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics, techniques and procedures (TTPs), including dynamic-link library (DLL) sideloading and abuse of legitimate software for stealth and execution,” the British cybersecurity company shared on Monday.

Other attack elements indicating Salt Typhoon’s involvement include:

  • The exploitation of a vulnerability in a Citrix NetScaler Gateway appliance for initial access (Salt Typhoon is known for exploiting publicly known vulnerabilities in network equipment)
  • The use of the SNAPPYBEE (aka Deed RAT) backdoor, which is a tool shared by different Chinese APT groups
  • The use of command and control (C2) infrastructure previously linked to the group and the use of non-standard and layered…