By Alessandro Mascellino
Publication Date: 2025-10-20 13:15:00
Cybersecurity researchers have identified a cyber intrusion linked to the China-based group Salt Typhoon that involved the exploitation of a Citrix NetScaler Gateway vulnerability.
The operation, observed by Darktrace, involved advanced methods such as DLL sideloading and zero-day exploits – known techniques the group uses to infiltrate systems while avoiding standard detection measures.
A Persistent Global Threat
Salt Typhoon, also known as Earth Estries, GhostEmperor and UNC2286, has been active since at least 2019.
The group is associated with a series of high-impact cyber campaigns directed at critical sectors, including telecommunications, energy and government systems, across more than 80 countries. While the United States has been a frequent target, recent activity shows a broader reach across Europe, the Middle East and Africa.
Its operations typically exploit vulnerabilities in technologies from vendors such as Citrix, Fortinet and Cisco.
The group has…