Salt Typhoon APT Targets Global Telecom and Energy Sectors, Says Darktrace

The China-linked Salt Typhoon APT group attacked a European telecom via a Citrix NetScaler vulnerability in July 2025, Darktrace reports. This follows past US Army and telecom breaches.

A group of state-sponsored (APT) actors, known as Salt Typhoon, remains a significant threat to networks across the globe, reveals the latest report from cybersecurity research firm Darktrace.

According to the company’s analysis, shared with Hackread.com, the hackers, who are believed to be linked to the People’s Republic of China (PRC), are still finding new ways to breach critical infrastructure.

Salt Typhoon

Active since at least 2019, Salt Typhoon is an espionage group that targets crucial services, including telecommunications providers, energy networks, and government systems, across over 80 countries.

This group, also tracked under aliases like Earth Estries and GhostEmperor, is experts in stealth who use custom tools and newly discovered software vulnerabilities, including zero-day exploits, to maintain long-term ...