Seeing Inside the Vortex: Detecting Living off the Land Techniques

By Matthew Robertson
Publication Date: 2025-11-11 13:00:00

Network infrastructure has long been overlooked as a threat surface, but many organizations have become increasingly concerned about attackers using these devices in combination with living off the land (LOTL) techniques to accomplish their various nefarious objectives. One of those actors, dubbed Salt Typhoon, made headlines earlier this year and brought this often-neglected threat surface to the forefront in many people's minds.

The Cisco Talos analysis of Salt Typhoon observed that the threat actors, often using valid stolen credentials, accessed core networking infrastructure in several instances and then used that infrastructure to collect a variety of information, leveraging LOTL techniques. Some of the recommendations for detecting this activity and/or protecting your environment include:

  • Monitor your environment for unusual changes in behavior or configuration.
  • Profile (fingerprint via NetFlow and port scanning) network devices for a shift in surface view, including…
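
The profiling recommendation above comes down to comparing a device's observed network surface in a current window against a known-good baseline. The following is an added example, not code from the original post or from Cisco Talos; the flow records are constructed, the addresses are private or documentation ranges, and it assumes the flow collector has already normalized each record to initiator-to-responder direction.

```python
from collections import defaultdict

# Constructed flow records (not real telemetry): (src, dst, proto, dst_port).
DEVICE = "10.0.0.1"  # hypothetical router management address
BASELINE_FLOWS = [
    ("10.0.5.20", DEVICE, "tcp", 22),
    ("10.0.5.21", DEVICE, "tcp", 22),
    ("10.0.5.30", DEVICE, "udp", 161),
]
CURRENT_FLOWS = [
    ("10.0.5.20", DEVICE, "tcp", 22),
    ("203.0.113.7", DEVICE, "tcp", 22),     # known service, unseen client
    ("10.0.5.20", DEVICE, "tcp", 57722),    # service absent from baseline
    (DEVICE, "198.51.100.9", "tcp", 443),   # device initiating a new session
]

def build_profile(flows, device):
    """Summarise what one device exposes and what it initiates."""
    profile = {"services": defaultdict(set), "outbound": set()}
    for src, dst, proto, port in flows:
        if dst == device:
            # Device is the responder: record the service and who used it.
            profile["services"][(proto, port)].add(src)
        elif src == device:
            # Device is the initiator: record the remote endpoint.
            profile["outbound"].add((dst, proto, port))
    return profile

def surface_shift(baseline, current):
    """Return what appears in the current window but not in the baseline."""
    findings = []
    for svc, clients in sorted(current["services"].items()):
        if svc not in baseline["services"]:
            findings.append(("new_service", svc, sorted(clients)))
        else:
            new_clients = clients - baseline["services"][svc]
            if new_clients:
                findings.append(("new_client", svc, sorted(new_clients)))
    for peer in sorted(current["outbound"] - baseline["outbound"]):
        findings.append(("new_outbound", peer, []))
    return findings

if __name__ == "__main__":
    base = build_profile(BASELINE_FLOWS, DEVICE)
    now = build_profile(CURRENT_FLOWS, DEVICE)
    for kind, what, who in surface_shift(base, now):
        print(kind, what, who)
```

Because access with valid stolen credentials looks like a normal login, the `new_client` and `new_outbound` findings matter as much as a newly opened port.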