New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading

Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threat group has executed a series of high-impact campaigns against telecommunications providers, energy networks, and government systems—most notably across the United States.

Active since at least 2019, the group—also tracked as Earth Estries, GhostEmperor, and UNC2286—has demonstrated advanced capabilities in exploiting edge devices, maintaining deep persistence, and exfiltrating sensitive data across more than 80 countries.

While much of the public reporting has focused on U.S. targets, Salt Typhoon’s operations have extended into Europe, the Middle East, and Africa where it has targeted telecoms, government entities, and technology firms.

Its use of custom malware and exploitation of high-impact vulnerabilities in products from vendors like Ivanti, Fortinet, and Cisco underscores ...