{"id":2526,"date":"2025-08-28T10:54:16","date_gmt":"2025-08-28T10:54:16","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/28\/chinese-tech-firms-linked-to-salt-typhoon-espionage-campaigns\/"},"modified":"2025-08-28T10:54:16","modified_gmt":"2025-08-28T10:54:16","slug":"chinese-tech-firms-linked-to-salt-typhoon-espionage-campaigns","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/28\/chinese-tech-firms-linked-to-salt-typhoon-espionage-campaigns\/","title":{"rendered":"Chinese Tech Firms Linked to Salt Typhoon Espionage Campaigns"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has received help from several commercial tech companies to further its cyber-espionage goals.<\/p>\n<p>The report named Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology as providing \u201ccyber-related products and services\u201d to China\u2019s intelligence services.<\/p>\n<p>\u201cThe data stolen through this activity against foreign telecommunications and Internet service providers (ISPs), as well as intrusions in the lodging and transportation sectors, ultimately can provide Chinese intelligence services with the capability to identify and track their targets\u2019 communications and movements around the world,\u201d it warned.<\/p>\n<p>These efforts have been ongoing since at least 2021, with the focus for initial access on exploitation of known vulnerabilities rather than zero-days.<\/p>\n<p><em>Read more on Salt Typhoon:\u00a0Salt Typhoon Exploited Cisco Devices With Custom Tool to Spy on US Telcos<\/em><\/p>\n<p>The report urged network defenders in potentially impacted organizations to prioritize patching of network edge devices, specifically the following vulnerabilities:<\/p>\n<ul>\n<li>CVE-2024-21887 (Ivanti Connect Secure and Ivanti Policy Secure)<\/li>\n<li>CVE-2024-3400 (Palo Alto PAN-OS GlobalProtect)<\/li>\n<li>CVE-2023-20273 and CVE-2023-20198 (Cisco IOS XE)<\/li>\n<li>CVE-2018-0171 (Cisco Smart Install RCE)<\/li>\n<\/ul>\n<p>By exploiting the above, threat actors can gain\u00a0access to routers and edge devices, and then potentially hijack trusted connections between providers and customers to pivot into other networks.<\/p>\n<p>\u201cThe APT actors leverage infrastructure, such as virtual private servers (VPSs) and compromised intermediate routers, that have not been attributable to a publicly known botnet or obfuscation network infrastructure to target telecommunications and network service providers, including ISPs,\u201d the report explained.<\/p>\n<p>\u201cThe APT actors may target edge devices regardless of who owns a particular device. Devices owned by entities who do not align with the actors\u2019 core targets of interest still present opportunities for use in attack pathways into targets of interest.\u201d<\/p>\n<p>Reports suggest that these techniques were used to compromise organizations in scores of countries worldwide.<\/p>\n<h2>Network Defenders Urged to Act Now<\/h2>\n<p>The latest report comes on the back of warnings last November that Salt Typhoon had breached at least eight US telecom firms in \u201ca broad and significant cyber espionage campaign.\u201d<\/p>\n<p>The hackers obtained customer call records data\u00a0and the private communications of a limited number of people involved in government or political activity, as well as information subject to US law enforcement requests.<\/p>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) even warned at the time\u00a0that high-risk individuals should move away from using unencrypted SMS and adopt end-to-end encrypted messaging apps and phishing-resistant multi-factor authentication (MFA).<\/p>\n<p>The latest advisory was signed by the UK, US, Australia, Canada, New Zealand, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain, indicating the scale of Salt Typhoon operations.<\/p>\n<p>\u201cWe are deeply concerned by the irresponsible behavior of the named commercial entities based in China that has enabled an unrestrained campaign of malicious cyber activities on a global scale,\u201d said NCSC CEO, Richard Horne.<\/p>\n<p>\u201cIt is crucial organizations in targeted critical sectors heed this international warning about the threat posed by cyber actors who have been exploiting publicly known \u2013 and so therefore fixable \u2013 vulnerabilities.\u201d<\/p>\n<p>Horne urged network defenders to proactively hunt for malicious activity\u00a0and apply recommended mitigations based on indicators of compromise (IoCs), as well as regularly review network device logs for signs of unusual activity.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The UK, US and partners from across the globe have released a new report on the notorious Chinese APT group Salt Typhoon, claiming it has received help from several commercial tech companies to further its cyber-espionage goals. The report named Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology<\/p>\n","protected":false},"author":2,"featured_media":2527,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2526-a4415f64-8e3d-4da0-811c-436d48521435-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2526"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2526\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2527"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2526"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}