Salt Typhoon US Telecom Intrusions
PRC MSS-linked Salt Typhoon campaign breaching major US telecommunications providers including AT&T, Verizon and Lumen Technologies. Targeted lawful intercept systems and wiretap infrastructure. Declared a national security crisis by CISA. Affected over 80 countries and 600+ organisations.
Start date
1 March 2024
End date
—
Techniques
20
Attributed actors
Techniques (20)
collection (2)
T1005 Data from Local System
T1560.001 Archive via Utility
command-and-control (4)
T1090.001 Internal Proxy
T1071.001 Web Protocols
T1571 Non-Standard Port
T1090.003 Multi-hop Proxy
discovery (4)
T1018 Remote System Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
T1016 System Network Configuration Discovery
execution (2)
T1059.003 Windows Command Shell
T1059.004 Unix Shell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1078 Valid Accounts
T1133 External Remote Services
T1190 Exploit Public-Facing Application
persistence (3)
T1078 Valid Accounts
T1543.002 Systemd Service
T1133 External Remote Services
privilege-escalation (2)
T1078 Valid Accounts
T1543.002 Systemd Service
stealth (4)
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1070.004 File Deletion
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.