Salt Typhoon Targets European Telecom www.databreachtoday.com/salt-typh…

The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven’t stopped their campaign against global telecoms, says managed threat detection firm Darktrace.

The first said Monday it spotted threat activity consistent with Salt Typhoon indicators in July hacking an European telecom.

Salt Typhoon - also tracked as Earth Estries, GhostEmperor and UNC2286 - is operated by a clutch of private hacking firms whose clients include multiple Chinese government agencies, according to analysis from earlier this year based on leaked data

The group has made telecoms and other digital infrastructure a primary target. The group leapt into public awareness after hacking nine U.S. telecoms in a campaign that became public knowledge in December 2024. An August advisory from the English-speaking nations that make up the Five Eyes intelligence alliance and a clutch of allies warned the group is tracking targets' “communications and movement around the world.

Recurring targets include Cisco switches, as well as Ivanti network gateways and the operating system underlying Palo Alto Networks devices, the advisory states.