By Anna Ribeiro
Publication Date: 2025-10-21 06:24:00
Researchers at Darktrace shared insights into a recent intrusion attributed to Salt Typhoon, a China-linked cyber espionage group known for targeting global infrastructure through stealthy techniques like DLL sideloading and zero-day exploits. Darktrace detected early-stage activity in a European telecommunications organization consistent with Salt Typhoon’s known tactics, techniques, and procedures, including the abuse of legitimate software to evade detection and execute malicious code. The incident underscores the value of anomaly-based detection in identifying state-sponsored threats that often bypass traditional signature-based defenses.
“The intrusion likely began with the exploitation of a Citrix NetScaler Gateway appliance in early July 2025,” wrote Nathaniel Jones, Darktrace’s vice president of security and AI strategy and field CISO, along with Sam Lister, specialist security researcher at Darktrace, in a blog post published Monday. “From there, the…
