The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new

Salt Typhoon hackers backdoor telcos with new GhostSpider malware

submited by

Style Pass

2024-11-25 17:30:13

The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new "GhostSpider" backdoor in attacks against telecommunication service providers.

The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon's attacks against critical infrastructure and government organizations worldwide.

Along with GhostSpider, Trend Micro discovered that the threat group also uses a previously documented Linux backdoor named 'Masol RAT,' a rootkit named 'Demodex,' and a modular backdoor shared among Chinese APT groups named 'SnappyBee.'

Salt Typhoon (aka 'Earth Estries', 'GhostEmperor', or 'UNC2286') is a sophisticated hacking group that has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies.

Recently, the U.S. authorities have confirmed that Salt Typhoon was behind several successful breaches of telecommunication service providers in the U.S., including Verizon, AT&T, Lumen Technologies, and T-Mobile.